import krb4-1.0.5

124 files changed, 5644 insertions, 1611 deletions

diff --git a/crypto/kerberosIV/ChangeLog b/crypto/kerberosIV/ChangeLog
index cd393239aaef..d0300be40481 100644
--- a/crypto/kerberosIV/ChangeLog
+++ b/crypto/kerberosIV/ChangeLog
@@ -1,6 +1,141 @@
+2000-12-25
+
+	* configure.in (VERSION): bump to 1.0.5
+
+2000-10-19
+
+	* include/Makefile.in (HEADERS): add md4.h, md5.h, sha.h and rc4.h
+	* appl/kip/common.c (WCOREDUMP): add fallback definition
+
+2000-10-18
+
+	* lib/krb/dest_tkt.c (dest_tkt): only return valid error codes
+	back
+
+	* kadmin/admin_server.c: re-structure code to handle DoS attacks
+	better only allow a constant number of children (100 currently)
+	keep track of which children have gotten authentication
+	information and kill the non-authenticated children when there are
+	new connections
+
+2000-10-16
+
+	* server/kerberos.c: handle a fixed number (100) of TCP
+	connections and kill some randomly if all are busy to try to
+	mitigate the effects of DoS attacks
+
+2000-10-08
+
+	* lib/krb/send_to_kdc.c (send_recv): check that fds are not too
+	large to select on
+	* kadmin/admin_server.c (kadm_listen): check that fds are not too
+	large to select on
+	* appl/kip/common.c (*): check that fds are not too large to
+	select on
+	* appl/bsd/rshd.c (doit): check that fds are not too large to
+	select on
+	* appl/bsd/rsh.c (talk): check that fds are not too large to
+	select on
+	* appl/bsd/rlogin.c (reader): check that fds are not too large to
+	select on
+	* appl/bsd/kcmd.c (kcmd): check that fds are not too large to
+	select on
+
+2000-09-25
+
+	* config.guess: update to version 2000-09-05 (aka 1.156) from
+	subversions.gnu.org plus some minor tweaks
+	* config.sub: update to version 2000-09-11 (aka 1.181) from
+	subversions.gnu.org
+
+2000-09-09
+
+	* appl/kip/kipd.c: add back droped slash in kip-control
+
+2000-08-16
+
+	* configure.in (getmsg): re-do so it possibly works on redhat 7.0
+
+2000-08-09
+
+	* kuser/klist.c (display_srvtab): do not call warn with a variable
+	as format string
+
+	* appl/bsd/rshd.c (doit): do not call warnx with a variable as
+	format string
+
+2000-07-30
+
+	* doc/install.texi: say something about siacfg
+	
+2000-06-28
+
+	* lib/krb/dest_tkt.c (dest_tkt): rewrite to lstat and compare
+	numbers
+
+2000-06-10
+
+	* appl/bsd: work-around setuid and capabilities bug fixed in Linux
+	2.2.16
+
+2000-06-08
+
+	* configure.in: do not use streams ptys on HP-UX 11
+
+2000-05-15
+
+	* lib/krb/rw.c (krb_get_nir): add explicit lengths to the
+	parameters.  before this the function `knew'.  change callers.
+
+2000-05-14
+
+	* appl/afsutil/aklog.c: look not only in /usr/vice/etc but also in
+	/usr/arla/etc for configuration files
+
+2000-04-25
+
+	* lib/krb/tf_util.c (tf_create): just remove the over-writing of
+	the old ticket file.
+
+2000-04-09
+
+	* lib/krb/getaddrs.c (k_get_all_addrs): apperently solaris can
+	return EINVAL when the buffer is too small.  cope.
+	* appl/bsd/rshd.c (doit): exec the correct shell
+
+2000-03-26
+
+	* config.guess, config.sub: update to current version from
+	:pserver:anoncvs@subversions.gnu.org:/home/cvs
+
+	* appl/bsd/rlogind.c (rlogind_logout, logwtmp): make sure to
+	always call time and ctime with `time_t's.  there were some types
+	(like in lastlog) that we believed to always be time_t.  this has
+	proven wrong on Solaris 8 in 64-bit mode, where they are stored as
+	32-bit quantities but time_t has gone up to 64 bits
+	* appl/bsd/login.c: dito
+
+2000-03-20
+
+	* configure.in: add solaris2.8
+
+2000-03-15
+
+	* configure.in: on all versions of aix, add `-bnolibpath' to the
+	linker.  otherwise ld will interpret -L as run-time path for where
+	to find shared libraries and looking in ../../foo is a bad idea.
+	bug report from Niklas Edmundsson <nikke@ing.umu.se>
+
+2000-03-09
+
+	*  Release 1.0.1
+
 1999-11-29
 
+	*  Release 1.0
+
 	* lib/krb/krb-protos.h (tf_get_cred_addr): add prototype
+
 	* lib/krb/tf_util.c (tf_get_cred_addr): new function for fetching
 	the NAT addresses stored in the ticket file. From
 	<thn@stacken.kth.se>
diff --git a/crypto/kerberosIV/NEWS b/crypto/kerberosIV/NEWS
index f839116630b9..ac5107884973 100644
--- a/crypto/kerberosIV/NEWS
+++ b/crypto/kerberosIV/NEWS
@@ -1,3 +1,76 @@
+Changes in release 1.0.5:
+
+* Remember to update version string.
+
+* Build fixes
+
+* multiple local realm fix in krb_verify_user
+
+Changes in release 1.0.4:
+
+* Only allow a small list of environment variables in telnetd
+
+* Fix one buffer overflow in libkrb
+
+* Make su handle multiple local realms
+
+* Build pic-ed archives (to be used with the pam module)
+
+* do not handle environment variables, use krb.extra instead
+
+* Disable KRBCONFDIR environment variable for root
+
+* fix shared libraries building on solaris
+
+Changes in release 1.0.3:
+
+* Handle DoS attacks in the KDC and the admin server better.
+
+* updated config.guess and config.sub
+
+* better db/gdbm discovery
+
+* bug fixes
+
+Changes in release 1.0.2:
+
+* Fix syslog(LOG_FOO, bug) calls in kauthd, kipd
+
+* Fix bug with systems have a 64bit `time_t'
+
+* Port to Solaris 8 (aka SunOS 5.8), HP-UX 11
+
+* Add AIX fix for shared libraries
+
+* Make afslog work with Arla
+
+* Be more paranoid about setuid for the sake of Linux 2.2.15
+
+* Make rshd afslog to the cell of the home directory
+
+* Improved kip/kipd
+
+* syslog with correct level in popper
+
+* install libraries correctly in lib/sl
+
+* more paranoia when overwriting and removing ticket files
+
+Changes in release 1.0.1:
+
+* Fix bug in ftpd when accepting connections
+
+* Make `-d' in kauth not imply `-a'
+
+* Adapt sia to new TKT_ROOT
+
+* Define `sockaddr_storage' in a fashion that works on
+  alignment-restricted architectures
+
+* Rewrite PAM module to work better.
+
+* Make all files in libdes build with CFLAGS
+
 Changes in release 1.0:
 
 * A new configuration option `nat_in_use' in krb.extra to ease use
diff --git a/crypto/kerberosIV/aclocal.m4 b/crypto/kerberosIV/aclocal.m4
index d2e1e944d505..0819f16389df 100644
--- a/crypto/kerberosIV/aclocal.m4
+++ b/crypto/kerberosIV/aclocal.m4
@@ -251,7 +251,7 @@ esac
 ])
 
 dnl
-dnl $Id: shared-libs.m4,v 1.4 1999/07/13 17:47:09 assar Exp $
+dnl $Id: shared-libs.m4,v 1.4.14.3 2000/12/07 18:03:00 bg Exp $
 dnl
 dnl Shared library stuff has to be different everywhere
 dnl
@@ -317,7 +317,7 @@ case "${host}" in
 	install_symlink_command2='$(LN_S) -f $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so.'"${SHLIB_SONAME}"';$(LN_S) -f $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so'
 	;;
 changequote(,)dnl
-*-*-freebsd[34]*)
+*-*-freebsd[345]* | *-*-freebsdelf[345]*)
 changequote([,])dnl
 	REAL_SHLIBEXT=so.$SHLIB_VERSION
 	REAL_LD_FLAGS='-Wl,-R$(libdir)'
@@ -336,9 +336,14 @@ changequote([,])dnl
 	LDSHARED='ld -shared -expect_unresolved \*'
 	;;
 *-*-solaris2*)
+	LDSHARED='$(CC) -shared -Wl,-h$(LIBNAME).so.'"${SHLIB_SONAME}"
+	REAL_SHLIBEXT=so.$SHLIB_VERSION
+	build_symlink_command='$(LN_S) [$][@] $(LIBNAME).so'
+	install_symlink_command='$(LN_S) $(LIB) $(DESTDIR)$(libdir)/$(LIBNAME).so.'"${SHLIB_SONAME}"';$(LN_S) $(LIB) $(DESTDIR)$(libdir)/$(LIBNAME).so'
+	install_symlink_command2='$(LN_S) $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so.'"${SHLIB_SONAME}"';$(LN_S) $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so'
 	REAL_LD_FLAGS='-Wl,-R$(libdir)'
 	if test -z "$GCC"; then
-		LDSHARED='$(CC) -G'
+		LDSHARED='$(CC) -G -h$(LIBNAME).so.'"${SHLIB_SONAME}"
 		REAL_PICFLAGS="-Kpic"
 	fi
 	;;
@@ -795,7 +800,7 @@ else
   $1_FALSE=
 fi])
 
-dnl $Id: krb-find-db.m4,v 1.5 1999/05/08 02:24:04 assar Exp $
+dnl $Id: krb-find-db.m4,v 1.5.16.1 2000/08/16 04:11:57 assar Exp $
 dnl
 dnl find a suitable database library
 dnl
@@ -825,6 +830,8 @@ for i in $1; do
 #include <fcntl.h>
 #if defined(HAVE_NDBM_H)
 #include <ndbm.h>
+#elif defined(HAVE_GDBM_NDBM_H)
+#include <gdbm/ndbm.h>
 #elif defined(HAVE_DBM_H)
 #include <dbm.h>
 #elif defined(HAVE_RPCSVC_DBM_H)
diff --git a/crypto/kerberosIV/admin/kdb_util.c b/crypto/kerberosIV/admin/kdb_util.c
index cff031c36501..1e3d1900f71a 100644
--- a/crypto/kerberosIV/admin/kdb_util.c
+++ b/crypto/kerberosIV/admin/kdb_util.c
@@ -15,7 +15,7 @@
 
 #include "adm_locl.h"
 
-RCSID("$Id: kdb_util.c,v 1.42 1999/09/16 20:37:21 assar Exp $");
+RCSID("$Id: kdb_util.c,v 1.42.2.1 2000/10/10 12:59:16 assar Exp $");
 
 static des_cblock master_key, new_master_key;
 static des_key_schedule master_key_schedule, new_master_key_schedule;
@@ -489,15 +489,19 @@ main(int argc, char **argv)
 
     switch (op) {
     case OP_DUMP:
-      if ((dump_db (db_name, file, (void (*)(Principal *)) 0) == EOF) ||
-	  (fclose(file) == EOF))
-	  err (1, "%s", file_name);
+      if ((dump_db(db_name, file, (void (*)(Principal *)) 0) == EOF)
+	  || (fflush(file) != 0)
+	  || (fsync(fileno(file)) != 0)
+	  || (fclose(file) == EOF))
+	err(1, "%s", file_name);
       break;
     case OP_SLAVE_DUMP:
-      if ((dump_db (db_name, file, (void (*)(Principal *)) 0) == EOF) ||
-	  (fclose(file) == EOF))
-	err (1, "%s", file_name);
-      update_ok_file (file_name);
+      if ((dump_db(db_name, file, (void (*)(Principal *)) 0) == EOF)
+	  || (fflush(file) != 0)
+	  || (fsync(fileno(file)) != 0)
+	  || (fclose(file) == EOF))
+	err(1, "%s", file_name);
+      update_ok_file(file_name);
       break;
     case OP_LOAD:
       load_db (db_name, file);
diff --git a/crypto/kerberosIV/appl/Makefile.in b/crypto/kerberosIV/appl/Makefile.in
index 2cc839102df7..74a3b9a0d0bd 100644
--- a/crypto/kerberosIV/appl/Makefile.in
+++ b/crypto/kerberosIV/appl/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.31 1998/04/26 09:59:31 assar Exp $
+# $Id: Makefile.in,v 1.31.6.1 2000/06/23 04:30:11 assar Exp $
 
 srcdir		= @srcdir@
 VPATH		= @srcdir@
@@ -8,7 +8,7 @@ SHELL		= /bin/sh
 @SET_MAKE@
 
 SUBDIRS		= sample kauth bsd movemail push afsutil \
-		  popper xnlock kx @OTP_dir@ @APPL_KIP_DIR@ ftp telnet
+		  popper xnlock kx kip @OTP_dir@ ftp telnet
 
 all:
 	for i in $(SUBDIRS); \
diff --git a/crypto/kerberosIV/appl/afsutil/aklog.c b/crypto/kerberosIV/appl/afsutil/aklog.c
index 22dbfe7b2f85..b3370da48b85 100644
--- a/crypto/kerberosIV/appl/afsutil/aklog.c
+++ b/crypto/kerberosIV/appl/afsutil/aklog.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995 - 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -66,7 +66,7 @@
 
 #include <roken.h>
 
-RCSID("$Id: aklog.c,v 1.24 1999/12/02 16:58:28 joda Exp $");
+RCSID("$Id: aklog.c,v 1.24.2.1 2000/06/23 02:31:15 assar Exp $");
 
 static int debug = 0;
 
@@ -89,15 +89,15 @@ DEBUG(const char *fmt, ...)
 }
 
 static char *
-expand_cell_name(char *cell)
+expand_1 (const char *cell, const char *filename)
 {
   FILE *f;
   static char buf[128];
   char *p;
 
-  f = fopen(_PATH_CELLSERVDB, "r");
+  f = fopen(filename, "r");
   if(f == NULL)
-    return cell;
+    return NULL;
   while(fgets(buf, sizeof(buf), f) != NULL) {
     if(buf[0] == '>') {
       for(p=buf; *p && !isspace(*p) && *p != '#'; p++)
@@ -111,11 +111,25 @@ expand_cell_name(char *cell)
     buf[0] = 0;
   }
   fclose(f);
+  return NULL;
+}
+
+static const char *
+expand_cell_name(const char *cell)
+{
+  char *ret;
+
+  ret = expand_1(cell, _PATH_CELLSERVDB);
+  if (ret != NULL)
+    return ret;
+  ret = expand_1(cell, _PATH_ARLA_CELLSERVDB);
+  if (ret != NULL)
+    return ret;
   return cell;
 }
 
 static int
-createuser (char *cell)
+createuser (const char *cell)
 {
   char cellbuf[64];
   char name[ANAME_SZ];
@@ -129,9 +143,11 @@ createuser (char *cell)
 
     f = fopen (_PATH_THISCELL, "r");
     if (f == NULL)
-      err (1, "open(%s)", _PATH_THISCELL);
+      f = fopen (_PATH_ARLA_THISCELL, "r");
+    if (f == NULL)
+      err (1, "open(%s, %s)", _PATH_THISCELL, _PATH_ARLA_THISCELL);
     if (fgets (cellbuf, sizeof(cellbuf), f) == NULL)
-      err (1, "read cellname from %s", _PATH_THISCELL);
+      err (1, "read cellname from %s %s", _PATH_THISCELL, _PATH_ARLA_THISCELL);
     fclose (f);
     len = strlen(cellbuf);
     if (cellbuf[len-1] == '\n')
@@ -156,7 +172,7 @@ main(int argc, char **argv)
   int i;
   int do_aklog = -1;
   int do_createuser = -1;
-  char *cell = NULL;
+  const char *cell = NULL;
   char *realm = NULL;
   char cellbuf[64];
   
diff --git a/crypto/kerberosIV/appl/bsd/bsd_locl.h b/crypto/kerberosIV/appl/bsd/bsd_locl.h
index e39bc3686fc8..f742d63d83f1 100644
--- a/crypto/kerberosIV/appl/bsd/bsd_locl.h
+++ b/crypto/kerberosIV/appl/bsd/bsd_locl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -31,7 +31,7 @@
  * SUCH DAMAGE.
  */
 
-/* $Id: bsd_locl.h,v 1.111 1999/12/02 16:58:28 joda Exp $ */
+/* $Id: bsd_locl.h,v 1.111.2.1 2000/06/23 02:34:20 assar Exp $ */
 
 #define LOGALL
 #define KERBEROS
@@ -395,3 +395,5 @@ void prepare_utmp (struct utmp *utmp, char *tty, char *username,
 #endif
 
 int do_osfc2_magic(uid_t);
+
+void paranoid_setuid (uid_t uid);
diff --git a/crypto/kerberosIV/appl/bsd/kcmd.c b/crypto/kerberosIV/appl/bsd/kcmd.c
index af2035749e64..93b2b7004952 100644
--- a/crypto/kerberosIV/appl/bsd/kcmd.c
+++ b/crypto/kerberosIV/appl/bsd/kcmd.c
@@ -33,7 +33,7 @@
 
 #include "bsd_locl.h"
 
-RCSID("$Id: kcmd.c,v 1.20 1998/07/13 13:54:07 assar Exp $");
+RCSID("$Id: kcmd.c,v 1.20.4.1 2000/10/10 12:55:55 assar Exp $");
 
 #define	START_PORT	5120	 /* arbitrary */
 
@@ -185,6 +185,14 @@ kcmd(int *sock,
 		{
 		    fd_set fds;
 		    FD_ZERO(&fds);
+		    if (s >= FD_SETSIZE || s2 >= FD_SETSIZE) {
+			warnx("file descriptor too large");
+			close(s);
+			close(s2);
+			status = -1;
+			goto bad;
+		    }
+
 		    FD_SET(s, &fds);
 		    FD_SET(s2, &fds);
 		    status = select(FD_SETSIZE, &fds, NULL, NULL, NULL);
diff --git a/crypto/kerberosIV/appl/bsd/login.c b/crypto/kerberosIV/appl/bsd/login.c
index 0d29ebee1b06..f2f08733df68 100644
--- a/crypto/kerberosIV/appl/bsd/login.c
+++ b/crypto/kerberosIV/appl/bsd/login.c
@@ -45,7 +45,7 @@
 #include <sys/capability.h>
 #endif
 
-RCSID("$Id: login.c,v 1.125 1999/11/30 19:24:01 bg Exp $");
+RCSID("$Id: login.c,v 1.125.2.2 2000/06/23 02:33:07 assar Exp $");
 
 #ifdef OTP
 #include <otp.h>
@@ -596,22 +596,28 @@ main(int argc, char **argv)
 	if (pwd->pw_change || pwd->pw_expire)
 		gettimeofday(&tp, (struct timezone *)NULL);
 
-	if (pwd->pw_change)
+	if (pwd->pw_change) {
+		time_t t;
+
 		if (tp.tv_sec >= pwd->pw_change) {
 			printf("Sorry -- your password has expired.\n");
 			changepass=1;
 		} else if (pwd->pw_change - tp.tv_sec <
-		    2 * DAYSPERWEEK * SECSPERDAY && !quietlog)
+			   2 * DAYSPERWEEK * SECSPERDAY && !quietlog) {
+			t = pwd->pw_change;
 			printf("Warning: your password expires on %s",
-			    ctime(&pwd->pw_change));
+			       ctime(&t));
+		}
 	if (pwd->pw_expire)
 		if (tp.tv_sec >= pwd->pw_expire) {
 			printf("Sorry -- your account has expired.\n");
 			sleepexit(1);
 		} else if (pwd->pw_expire - tp.tv_sec <
-		    2 * DAYSPERWEEK * SECSPERDAY && !quietlog)
+			   2 * DAYSPERWEEK * SECSPERDAY && !quietlog) {
+			t = pwd->pw_expire;
 			printf("Warning: your account expires on %s",
-			    ctime(&pwd->pw_expire));
+			       ctime(&t));
+		}
 #endif /* defined(HAVE_PASSWD_CHANGE) && defined(HAVE_PASSWD_EXPIRE) */
 
 	/* Nothing else left to fail -- really log in. */
@@ -788,6 +794,11 @@ main(int argc, char **argv)
 		    if(!rootlogin)
 			    exit(1);
 	    }
+	    if (uid != 0 && setuid(0) != -1) {
+	            syslog(LOG_ALERT | LOG_AUTH,
+			   "Failed to drop privileges for user %d", uid);
+		    errx(1, "Sorry");
+	    }
 	}
 		       
 
@@ -953,6 +964,7 @@ dolastlog(int quiet)
 #if defined(HAVE_LASTLOG_H) || defined(HAVE_LOGIN_H)
 	struct lastlog ll;
 	int fd;
+	time_t t;
 
 	if ((fd = open(_PATH_LASTLOG, O_RDWR, 0)) >= 0) {
 		lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), SEEK_SET);
@@ -966,8 +978,8 @@ dolastlog(int quiet)
                                 sleepexit(1);
                         }
                         if (!quiet) {
-                                printf("Last login: %.*s ",
-                                    24-5, ctime(&ll.ll_time));
+				t = ll.ll_time;
+                                printf("Last login: %.*s ", 24-5, ctime(&t));
                                 if (*ll.ll_host != '\0') {
                                         printf("from %.*s\n",
                                             (int)sizeof(ll.ll_host),
@@ -983,8 +995,8 @@ dolastlog(int quiet)
 		if (!quiet) {
 			if (read(fd, &ll, sizeof(ll)) == sizeof(ll) &&
 			    ll.ll_time != 0) {
-				printf("Last login: %.*s ",
-				    24-5, ctime(&ll.ll_time));
+				t = ll.ll_time;
+				printf("Last login: %.*s ", 24-5, ctime(&t));
 				if (*ll.ll_host != '\0')
 					printf("from %.*s\n",
 					    (int)sizeof(ll.ll_host),
@@ -998,7 +1010,7 @@ dolastlog(int quiet)
 		}
 #endif /* SYSV_SHADOW */
 		memset(&ll, 0, sizeof(ll));
-		time(&ll.ll_time);
+		ll.ll_time = time(NULL);
 		strncpy(ll.ll_line, tty, sizeof(ll.ll_line));
 		if (hostname)
 			strncpy(ll.ll_host, hostname, sizeof(ll.ll_host));
diff --git a/crypto/kerberosIV/appl/bsd/rcmd_util.c b/crypto/kerberosIV/appl/bsd/rcmd_util.c
index 1dfb46dbb07a..cd431e3ebb48 100644
--- a/crypto/kerberosIV/appl/bsd/rcmd_util.c
+++ b/crypto/kerberosIV/appl/bsd/rcmd_util.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -33,7 +33,7 @@
 
 #include "bsd_locl.h"
 
-RCSID("$Id: rcmd_util.c,v 1.19 1999/12/02 16:58:28 joda Exp $");
+RCSID("$Id: rcmd_util.c,v 1.19.2.1 2000/06/23 02:34:48 assar Exp $");
 
 int
 get_login_port(int kerberos, int encryption)
@@ -245,3 +245,19 @@ warning(const char *fmt, ...)
     }
     va_end(args);
 }
+
+/*
+ * setuid but work-around Linux 2.2.15 bug with setuid and capabilities
+ */
+
+void
+paranoid_setuid (uid_t uid)
+{
+    if (setuid (uid) < 0)
+	err (1, "setuid");
+    if (uid != 0 && setuid (0) == 0) {
+	syslog(LOG_ALERT | LOG_AUTH,
+	       "Failed to drop privileges for uid %u", (unsigned)uid);
+	err (1, "setuid");
+    }
+}
diff --git a/crypto/kerberosIV/appl/bsd/rcp.c b/crypto/kerberosIV/appl/bsd/rcp.c
index be8709755495..660be91933af 100644
--- a/crypto/kerberosIV/appl/bsd/rcp.c
+++ b/crypto/kerberosIV/appl/bsd/rcp.c
@@ -33,7 +33,7 @@
 
 #include "bsd_locl.h"
 
-RCSID("$Id: rcp.c,v 1.52 1999/11/16 16:54:16 bg Exp $");
+RCSID("$Id: rcp.c,v 1.52.2.1 2000/06/23 02:35:16 assar Exp $");
 
 /* Globals */
 static char	dst_realm_buf[REALM_SZ];
@@ -415,7 +415,7 @@ kerberos(char **host, char *bp, char *locuser, char *user)
         int sock = -1, err;
 
 	if (use_kerberos) {
-	        setuid(getuid());
+	        paranoid_setuid(getuid());
 		rem = KSUCCESS;
 		errno = 0;
 		if (dest_realm == NULL)
@@ -559,7 +559,7 @@ toremote(char *targ, int argc, char **argv)
 				if (response() < 0)
 					exit(1);
 				free(bp);
-				setuid(userid);
+				paranoid_setuid(userid);
 			}
 			source(1, argv+i);
 		}
@@ -1002,7 +1002,7 @@ main(int argc, char **argv)
 		response();
 	    if(do_osfc2_magic(pwd->pw_uid))
 		exit(1);
-	    setuid(userid);
+	    paranoid_setuid(userid);
 	    if (k_hasafs()) {
 		/* Sometimes we will need cell specific tokens
 		 * to be able to read and write files, thus,
diff --git a/crypto/kerberosIV/appl/bsd/rlogin.c b/crypto/kerberosIV/appl/bsd/rlogin.c
index d057edea8276..60bed675051a 100644
--- a/crypto/kerberosIV/appl/bsd/rlogin.c
+++ b/crypto/kerberosIV/appl/bsd/rlogin.c
@@ -36,7 +36,7 @@
  */
 #include "bsd_locl.h"
 
-RCSID("$Id: rlogin.c,v 1.67 1999/11/13 06:13:02 assar Exp $");
+RCSID("$Id: rlogin.c,v 1.67.2.2 2000/10/10 12:54:26 assar Exp $");
 
 CREDENTIALS cred;
 Key_schedule schedule;
@@ -241,6 +241,8 @@ reader(void)
 		rcvcnt = 0;
 
 		FD_ZERO (&readfds);
+		if (rem >= FD_SETSIZE)
+		    errx (1, "fd too large");
 		FD_SET (rem, &readfds);
 		FD_ZERO (&exceptfds);
 		if (kludgep)
@@ -641,7 +643,7 @@ main(int argc, char **argv)
 	get_window_size(0, &winsize);
 
 	if (use_kerberos) {
-	        setuid(getuid());
+	        paranoid_setuid(getuid());
 		rem = KSUCCESS;
 		errno = 0;
 		if (dest_realm == NULL)
@@ -703,7 +705,7 @@ main(int argc, char **argv)
 #endif /* IP_TOS */
 #endif /* HAVE_SETSOCKOPT */
 
-	setuid(uid);
+	paranoid_setuid(uid);
 	doit();
 	return 0;
 }
diff --git a/crypto/kerberosIV/appl/bsd/rlogind.c b/crypto/kerberosIV/appl/bsd/rlogind.c
index 927ffc541d56..eae2dd6cdaf5 100644
--- a/crypto/kerberosIV/appl/bsd/rlogind.c
+++ b/crypto/kerberosIV/appl/bsd/rlogind.c
@@ -42,7 +42,7 @@
 
 #include "bsd_locl.h"
 
-RCSID("$Id: rlogind.c,v 1.109 1999/11/25 05:27:38 assar Exp $");
+RCSID("$Id: rlogind.c,v 1.109.2.2 2000/06/23 02:37:06 assar Exp $");
 
 extern int __check_rhosts_file;
 
@@ -257,7 +257,7 @@ rlogind_logout(const char *line)
 	ut.ut_exit.e_exit = 0;
 #endif
 #endif
-	time(&ut.ut_time);
+	ut.ut_time = time(NULL);
 	fseek(fp, (long)-sizeof(struct utmp), SEEK_CUR);
 	fwrite(&ut, sizeof(struct utmp), 1, fp);
 	fseek(fp, (long)0, SEEK_CUR);
@@ -297,7 +297,7 @@ logwtmp(const char *line, const char *name, const char *host)
 	else
 	    ut.ut_type = DEAD_PROCESS;
 #endif
-	time(&ut.ut_time);
+	ut.ut_time = time(NULL);
 	if (write(fd, &ut, sizeof(struct utmp)) !=
 	    sizeof(struct utmp))
 	    ftruncate(fd, buf.st_size);
@@ -491,6 +491,13 @@ doit(int f, struct sockaddr_in *fromp)
 		    
 	    execl(new_login, "login", "-p",
 		  "-h", hostname, "-f", "--", lusername, 0);
+	} else if (use_kerberos) {
+	    fprintf(stderr, "User `%s' is not authorized to login as `%s'!\n",
+		    krb_unparse_name_long(kdata->pname, 
+					  kdata->pinst, 
+					  kdata->prealm),
+		    lusername);
+	    exit(1);
 	} else
 	    execl(new_login, "login", "-p",
 		  "-h", hostname, "--", lusername, 0);
diff --git a/crypto/kerberosIV/appl/bsd/rsh.c b/crypto/kerberosIV/appl/bsd/rsh.c
index 87fe1fe53369..a18f77550f9a 100644
--- a/crypto/kerberosIV/appl/bsd/rsh.c
+++ b/crypto/kerberosIV/appl/bsd/rsh.c
@@ -33,7 +33,7 @@
 
 #include "bsd_locl.h"
 
-RCSID("$Id: rsh.c,v 1.43 1999/11/13 06:13:34 assar Exp $");
+RCSID("$Id: rsh.c,v 1.43.2.2 2000/10/10 12:53:50 assar Exp $");
 
 CREDENTIALS cred;
 Key_schedule schedule;
@@ -107,7 +107,10 @@ talk(int nflag, sigset_t omask, int pid, int rem)
 	goto done;
     bp = buf;
 
-    rewrite:	FD_ZERO(&rembits);
+    rewrite:   
+    FD_ZERO(&rembits);
+    if (rem >= FD_SETSIZE)
+	errx(1, "fd too large");
     FD_SET(rem, &rembits);
     if (select(rem + 1, 0, &rembits, 0, 0) < 0) {
 	if (errno != EINTR) 
@@ -140,6 +143,8 @@ talk(int nflag, sigset_t omask, int pid, int rem)
     if (sigprocmask(SIG_SETMASK, &omask, 0) != 0)
 	warn("sigprocmask");
     FD_ZERO(&readfrom);
+    if (rem >= FD_SETSIZE || rfd2 >= FD_SETSIZE)
+	errx(1, "fd too large");
     FD_SET(rem, &readfrom);
     FD_SET(rfd2, &readfrom);
     do {
@@ -253,7 +258,7 @@ main(int argc, char **argv)
     /* if no further arguments, must have been called as rlogin. */
     if (!argv[optind]) {
 	*argv = "rlogin";
-	setuid(getuid());
+	paranoid_setuid (getuid ());
 	execv(_PATH_RLOGIN, argv);
 	err(1, "can't exec %s", _PATH_RLOGIN);
     }
@@ -282,7 +287,7 @@ main(int argc, char **argv)
 	sv_port = get_shell_port(use_kerberos, doencrypt);
 
     if (use_kerberos) {
-	setuid(getuid());
+	paranoid_setuid(getuid());
 	rem = KSUCCESS;
 	errno = 0;
 	if (dest_realm == NULL)
@@ -342,7 +347,7 @@ main(int argc, char **argv)
     }
 #endif
 
-    setuid(uid);
+    paranoid_setuid(uid);
     {
 	sigset_t sigmsk;
 	sigemptyset(&sigmsk);
@@ -358,6 +363,7 @@ main(int argc, char **argv)
 	signal(SIGQUIT, sendsig);
     if (signal(SIGTERM, SIG_IGN) != SIG_IGN)
 	signal(SIGTERM, sendsig);
+    signal(SIGPIPE, SIG_IGN);
 
     if (!nfork) {
 	pid = fork();
diff --git a/crypto/kerberosIV/appl/bsd/rshd.c b/crypto/kerberosIV/appl/bsd/rshd.c
index b750e72f3247..496fa881a7de 100644
--- a/crypto/kerberosIV/appl/bsd/rshd.c
+++ b/crypto/kerberosIV/appl/bsd/rshd.c
@@ -42,7 +42,7 @@
 
 #include "bsd_locl.h"
 
-RCSID("$Id: rshd.c,v 1.60 1999/11/13 06:13:53 assar Exp $");
+RCSID("$Id: rshd.c,v 1.60.2.3 2000/10/18 20:39:12 assar Exp $");
 
 extern char *__rcmd_errstr; /* syslog hook from libc/net/rcmd.c. */
 extern int __check_rhosts_file;
@@ -200,6 +200,8 @@ doit(struct sockaddr_in *fromp)
     char *cp, sig, buf[DES_RW_MAXWRITE];
     char cmdbuf[NCARGS+1], locuser[16], remuser[16];
     char remotehost[2 * MaxHostNameLen + 1];
+    uid_t uid;
+    char shell_path[MAXPATHLEN];
 
     AUTH_DAT	*kdata;
     KTEXT		ticket;
@@ -433,6 +435,11 @@ doit(struct sockaddr_in *fromp)
 	    close(2);
 	    close(pv[1]);
 
+	    if (s >= FD_SETSIZE || pv[0] >= FD_SETSIZE) {
+		error ("fd too large\n");
+		exit (1);
+	    }
+
 	    FD_ZERO(&readfrom);
 	    FD_SET(s, &readfrom);
 	    FD_SET(pv[0], &readfrom);
@@ -441,6 +448,11 @@ doit(struct sockaddr_in *fromp)
 	    else
 		nfd = s;
 	    if (doencrypt) {
+		if (pv2[1] >= FD_SETSIZE || pv1[0] >= FD_SETSIZE) {
+		    error ("fd too large\n");
+		    exit (1);
+		}
+
 		FD_ZERO(&writeto);
 		FD_SET(pv2[1], &writeto);
 		FD_SET(pv1[0], &readfrom);
@@ -571,14 +583,16 @@ doit(struct sockaddr_in *fromp)
     snprintf(path, sizeof(path), "PATH=%s:%s", BINDIR, _PATH_DEFPATH);
 
     strlcat(shell, pwd->pw_shell, sizeof(shell));
+    strlcpy(shell_path, pwd->pw_shell, sizeof(shell_path));
     strlcat(username, pwd->pw_name, sizeof(username));
+    uid = pwd->pw_uid;
     cp = strrchr(pwd->pw_shell, '/');
     if (cp)
 	cp++;
     else
 	cp = pwd->pw_shell;
     endpwent();
-    if (log_success || pwd->pw_uid == 0) {
+    if (log_success || uid == 0) {
 	if (use_kerberos)
 	    syslog(LOG_INFO|LOG_AUTH,
 		   "Kerberos shell from %s on %s as %s, cmd='%.80s'",
@@ -591,12 +605,16 @@ doit(struct sockaddr_in *fromp)
 		   remuser, remotehost, locuser, cmdbuf);
     }
     if (k_hasafs()) {
+	char cell[64];
+
 	if (new_pag)
 	    k_setpag();	/* Put users process in an new pag */
-	krb_afslog(0, 0);
+	if (k_afs_cell_of_file (homedir, cell, sizeof(cell)) == 0)
+	    krb_afslog_uid_home (cell, NULL, uid, homedir);
+	krb_afslog_uid_home(NULL, NULL, uid, homedir);
     }
-    execle(pwd->pw_shell, cp, "-c", cmdbuf, 0, envinit);
-    err(1, "%s", pwd->pw_shell);
+    execle(shell_path, cp, "-c", cmdbuf, 0, envinit);
+    err(1, "%s", shell_path);
 }
 
 /*
diff --git a/crypto/kerberosIV/appl/bsd/su.c b/crypto/kerberosIV/appl/bsd/su.c
index cb24591c074e..7fc63ee91552 100644
--- a/crypto/kerberosIV/appl/bsd/su.c
+++ b/crypto/kerberosIV/appl/bsd/su.c
@@ -33,20 +33,20 @@
 
 #include "bsd_locl.h"
 
-RCSID ("$Id: su.c,v 1.70 1999/11/13 06:14:11 assar Exp $");
+RCSID ("$Id: su.c,v 1.70.2.2 2000/12/07 14:04:19 assar Exp $");
 
 #ifdef SYSV_SHADOW
 #include "sysv_shadow.h"
 #endif
 
-static int kerberos (char *username, char *user, int uid);
+static int kerberos (char *username, char *user, char *realm, int uid);
 static int chshell (char *sh);
 static char *ontty (void);
 static int koktologin (char *name, char *realm, char *toname);
 static int chshell (char *sh);
 
 /* Handle '-' option after all the getopt options */
-#define	ARGSTR	"Kflmti:"
+#define	ARGSTR	"Kkflmti:r:"
 
 int destroy_tickets = 0;
 static int use_kerberos = 1;
@@ -63,15 +63,22 @@ main (int argc, char **argv)
     enum { UNSET, YES, NO } iscsh = UNSET;
     char *user, *shell, *avshell, *username, **np;
     char shellbuf[MaxPathLen], avshellbuf[MaxPathLen];
+    char *realm = NULL;
 
     set_progname (argv[0]);
 
+    if (getuid() == 0)
+    	use_kerberos = 0;
+
     asme = asthem = fastlogin = 0;
     while ((ch = getopt (argc, argv, ARGSTR)) != -1)
 	switch ((char) ch) {
 	case 'K':
 	    use_kerberos = 0;
 	    break;
+	case 'k':
+	    use_kerberos = 1;
+	    break;
 	case 'f':
 	    fastlogin = 1;
 	    break;
@@ -89,10 +96,13 @@ main (int argc, char **argv)
 	case 'i':
 	    root_inst = optarg;
 	    break;
+	case 'r':
+	    realm = optarg;
+	    break;
 	case '?':
 	default:
 	    fprintf (stderr,
-		     "usage: su [-Kflmt] [-i root-instance] [-] [login]\n");
+		     "usage: su [-Kkflmt] [-i root-instance] [-r realm] [-] [login]\n");
 	    exit (1);
 	}
     /* Don't handle '-' option with getopt */
@@ -150,7 +160,7 @@ main (int argc, char **argv)
 	syslog (LOG_ALERT, "NIS attack, user %s has uid 0", user);
 	errx (1, "unknown login %s", user);
     }
-    if (!use_kerberos || kerberos (username, user, pwd->pw_uid)) {
+    if (!use_kerberos || kerberos (username, user, realm, pwd->pw_uid)) {
 #ifndef PASSWD_FALLBACK
 	errx (1, "won't use /etc/passwd authentication");
 #endif
@@ -225,12 +235,22 @@ main (int argc, char **argv)
 
     if (setgid (pwd->pw_gid) < 0)
 	err (1, "setgid");
-    if (initgroups (user, pwd->pw_gid))
-	errx (1, "initgroups failed.");
+    if (initgroups (user, pwd->pw_gid)) {
+        if (errno == E2BIG)    /* Member of too many groups! */
+	    warn("initgroups failed.");
+	else
+	    errx(1, "initgroups failed.");
+    }
 
     if (setuid (pwd->pw_uid) < 0)
 	err (1, "setuid");
 
+    if (pwd->pw_uid != 0 && setuid(0) != -1) {
+      syslog(LOG_ALERT | LOG_AUTH,
+	     "Failed to drop privileges for user %s", pwd->pw_name);
+      errx(1, "Sorry");
+    }
+
     if (!asme) {
 	if (asthem) {
 	    char *k = getenv ("KRBTKFILE");
@@ -321,19 +341,26 @@ ontty (void)
 }
 
 static int
-kerberos (char *username, char *user, int uid)
+kerberos (char *username, char *user, char *lrealm, int uid)
 {
     KTEXT_ST ticket;
     AUTH_DAT authdata;
     struct hostent *hp;
     int kerno;
     u_long faddr;
-    char lrealm[REALM_SZ], krbtkfile[MaxPathLen];
+    char tmp_realm[REALM_SZ], krbtkfile[MaxPathLen];
     char hostname[MaxHostNameLen], savehost[MaxHostNameLen];
+    int n;
+    int allowed = 0;
 
-    if (krb_get_lrealm (lrealm, 1) != KSUCCESS)
-	return (1);
-    if (koktologin (username, lrealm, user) && !uid) {
+    if (lrealm != NULL) {
+	allowed = koktologin (username, lrealm, user) == 0;
+    } else {
+	for (n = 1; !allowed && krb_get_lrealm (tmp_realm, n) == KSUCCESS; ++n)
+	    allowed = koktologin (username, tmp_realm, user) == 0;
+	lrealm = tmp_realm;
+    }
+    if (!allowed && !uid) {
 #ifndef PASSWD_FALLBACK
 	warnx ("not in %s's ACL.", user);
 #endif
@@ -416,7 +443,11 @@ kerberos (char *username, char *user, int uid)
     }
     strlcpy (savehost, krb_get_phost (hostname), sizeof (savehost));
 
-    kerno = krb_mk_req (&ticket, "rcmd", savehost, lrealm, 33);
+    for (n = 1; krb_get_lrealm (tmp_realm, n) == KSUCCESS; ++n) {
+	kerno = krb_mk_req (&ticket, "rcmd", savehost, tmp_realm, 33);
+	if (kerno == 0)
+	    break;
+    }
 
     if (kerno == KDC_PR_UNKNOWN) {
 	warnx ("Warning: TGT not verified.");
diff --git a/crypto/kerberosIV/appl/ftp/ChangeLog b/crypto/kerberosIV/appl/ftp/ChangeLog
index e2e1bb5f4dfa..0136a4bace0e 100644
--- a/crypto/kerberosIV/appl/ftp/ChangeLog
+++ b/crypto/kerberosIV/appl/ftp/ChangeLog
@@ -1,3 +1,11 @@
+2000-03-26  Assar Westerlund  <assar@sics.se>
+
+	* ftpd/ls.c, ftpd/ftpcmd.y, ftp/cmds.c: make sure to always call
+	time, ctime, and gmtime with `time_t's.  there were some types
+	(like in lastlog) that we believed to always be time_t.  this has
+	proven wrong on Solaris 8 in 64-bit mode, where they are stored as
+	32-bit quantities but time_t has gone up to 64 bits
+
 1999-11-30  Assar Westerlund  <assar@sics.se>
 
 	* ftpd/ftpd.c (getdatasock): make sure to keep the port-number of
diff --git a/crypto/kerberosIV/appl/ftp/ftp/cmds.c b/crypto/kerberosIV/appl/ftp/ftp/cmds.c
index 7698313c252e..1b989320d544 100644
--- a/crypto/kerberosIV/appl/ftp/ftp/cmds.c
+++ b/crypto/kerberosIV/appl/ftp/ftp/cmds.c
@@ -36,7 +36,7 @@
  */
 
 #include "ftp_locl.h"
-RCSID("$Id: cmds.c,v 1.36 1999/09/16 20:37:28 assar Exp $");
+RCSID("$Id: cmds.c,v 1.36.2.2 2000/06/23 02:43:49 assar Exp $");
 
 typedef void (*sighand)(int);
 
@@ -647,6 +647,7 @@ getit(int argc, char **argv, int restartit, char *mode)
 			int cmdret;
 			int yy, mo, day, hour, min, sec;
 			struct tm *tm;
+			time_t mtime = stbuf.st_mtime;
 
 			overbose = verbose;
 			if (debug == 0)
@@ -665,7 +666,7 @@ getit(int argc, char **argv, int restartit, char *mode)
 				return (0);
 			}
 
-			tm = gmtime(&stbuf.st_mtime);
+			tm = gmtime(&mtime);
 			tm->tm_mon++;
 			tm->tm_year += 1900;
 
diff --git a/crypto/kerberosIV/appl/ftp/ftp/ftp.c b/crypto/kerberosIV/appl/ftp/ftp/ftp.c
index 833fb085b2e9..848debd778e1 100644
--- a/crypto/kerberosIV/appl/ftp/ftp/ftp.c
+++ b/crypto/kerberosIV/appl/ftp/ftp/ftp.c
@@ -32,7 +32,7 @@
  */
 
 #include "ftp_locl.h"
-RCSID ("$Id: ftp.c,v 1.60 1999/10/28 19:32:17 assar Exp $");
+RCSID ("$Id: ftp.c,v 1.60.2.1 2000/06/23 02:45:40 assar Exp $");
 
 struct sockaddr_storage hisctladdr_ss;
 struct sockaddr *hisctladdr = (struct sockaddr *)&hisctladdr_ss;
@@ -193,8 +193,9 @@ login (char *host)
 	    printf ("Name (%s:%s): ", host, myname);
 	else
 	    printf ("Name (%s): ", host);
-	fgets (tmp, sizeof (tmp) - 1, stdin);
-	tmp[strlen (tmp) - 1] = '\0';
+	*tmp = '\0';
+	if (fgets (tmp, sizeof (tmp) - 1, stdin) != NULL)
+	    tmp[strlen (tmp) - 1] = '\0';
 	if (*tmp == '\0')
 	    user = myname;
 	else
@@ -203,24 +204,26 @@ login (char *host)
     strlcpy(username, user, sizeof(username));
     n = command("USER %s", user);
     if (n == CONTINUE) {
-	if(sec_complete)
-	    pass = myname;
-	else if (pass == NULL) {
+	if (pass == NULL) {
 	    char prompt[128];
 	    if(myname && 
-	       (!strcmp(user, "ftp") || !strcmp(user, "anonymous"))){
+	       (!strcmp(user, "ftp") || !strcmp(user, "anonymous"))) {
 		snprintf(defaultpass, sizeof(defaultpass), 
 			 "%s@%s", myname, mydomain);
 		snprintf(prompt, sizeof(prompt), 
 			 "Password (%s): ", defaultpass);
-	    }else{
+	    } else if (sec_complete) {
+		pass = myname;
+	    } else {
 		*defaultpass = '\0';
 		snprintf(prompt, sizeof(prompt), "Password: ");
 	    }
-	    pass = defaultpass;
-	    des_read_pw_string (tmp, sizeof (tmp), prompt, 0);
-	    if (tmp[0])
-		pass = tmp;
+	    if (pass == NULL) {
+		pass = defaultpass;
+		des_read_pw_string (tmp, sizeof (tmp), prompt, 0);
+		if (tmp[0])
+		    pass = tmp;
+	    }
 	}
 	n = command ("PASS %s", pass);
     }
diff --git a/crypto/kerberosIV/appl/ftp/ftp/main.c b/crypto/kerberosIV/appl/ftp/ftp/main.c
index dfe9e882bc1f..929acac1da0b 100644
--- a/crypto/kerberosIV/appl/ftp/ftp/main.c
+++ b/crypto/kerberosIV/appl/ftp/ftp/main.c
@@ -36,7 +36,7 @@
  */
 
 #include "ftp_locl.h"
-RCSID("$Id: main.c,v 1.27 1999/11/13 06:18:02 assar Exp $");
+RCSID("$Id: main.c,v 1.27.2.1 2000/10/10 13:01:50 assar Exp $");
 
 int
 main(int argc, char **argv)
@@ -244,8 +244,10 @@ cmdscanner(int top)
 	if (fromatty) {
 	    char *p;
 	    p = readline("ftp> ");
-	    if(p == NULL)
+	    if(p == NULL) {
+		printf("\n");
 		quit(0, 0);
+	    }
 	    strlcpy(line, p, sizeof(line));
 	    add_history(p);
 	    free(p);
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/ftpcmd.y b/crypto/kerberosIV/appl/ftp/ftpd/ftpcmd.y
index 07ff9a5b2d8d..c48202967926 100644
--- a/crypto/kerberosIV/appl/ftp/ftpd/ftpcmd.y
+++ b/crypto/kerberosIV/appl/ftp/ftpd/ftpcmd.y
@@ -43,7 +43,7 @@
 %{
 
 #include "ftpd_locl.h"
-RCSID("$Id: ftpcmd.y,v 1.56 1999/10/26 11:56:23 assar Exp $");
+RCSID("$Id: ftpcmd.y,v 1.56.2.2 2000/06/23 02:48:19 assar Exp $");
 
 off_t	restart_point;
 
@@ -577,7 +577,7 @@ cmd
 		}
 	| SYST CRLF
 		{
-#if defined(unix) || defined(__unix__) || defined(__unix) || defined(_AIX) || defined(_CRAY)
+#if !defined(WIN32) && !defined(__EMX__) && !defined(__OS2__) && !defined(__CYGWIN32__)
 		    reply(215, "UNIX Type: L%d", NBBY);
 #else
 		    reply(215, "UNKNOWN Type: L%d", NBBY);
@@ -620,7 +620,9 @@ cmd
 					      "%s: not a plain file.", $3);
 				} else {
 					struct tm *t;
-					t = gmtime(&stbuf.st_mtime);
+					time_t mtime = stbuf.st_mtime;
+
+					t = gmtime(&mtime);
 					reply(213,
 					      "%04d%02d%02d%02d%02d%02d",
 					      t->tm_year + 1900,
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/ftpd.c b/crypto/kerberosIV/appl/ftp/ftpd/ftpd.c
index d3c9a6ac4598..51daa3fae0e5 100644
--- a/crypto/kerberosIV/appl/ftp/ftpd/ftpd.c
+++ b/crypto/kerberosIV/appl/ftp/ftpd/ftpd.c
@@ -38,7 +38,7 @@
 #endif
 #include "getarg.h"
 
-RCSID("$Id: ftpd.c,v 1.131 1999/11/30 19:18:38 assar Exp $");
+RCSID("$Id: ftpd.c,v 1.131.2.4 2000/09/26 09:30:26 assar Exp $");
 
 static char version[] = "Version 6.00";
 
@@ -195,14 +195,13 @@ parse_auth_level(char *str)
  * Print usage and die.
  */
 
-static int debug_flag;
 static int interactive_flag;
 static char *guest_umask_string;
 static char *port_string;
 static char *umask_string;
 static char *auth_string;
 
-int use_builtin_ls;
+int use_builtin_ls = -1;
 
 static int help_flag;
 static int version_flag;
@@ -216,8 +215,8 @@ struct getargs args[] = {
     { NULL, 't', arg_integer, &ftpd_timeout, "initial timeout" },
     { NULL, 'T', arg_integer, &maxtimeout, "max timeout" },
     { NULL, 'u', arg_string, &umask_string, "umask for user logins" },
-    { NULL, 'd', arg_flag, &debug_flag, "enable debugging" },
-    { NULL, 'v', arg_flag, &debug_flag, "enable debugging" },
+    { NULL, 'd', arg_flag, &debug, "enable debugging" },
+    { NULL, 'v', arg_flag, &debug, "enable debugging" },
     { "builtin-ls", 'B', arg_flag, &use_builtin_ls, "use built-in ls to list files" },
     { "version", 0, arg_flag, &version_flag },
     { "help", 'h', arg_flag, &help_flag }
@@ -232,6 +231,24 @@ usage (int code)
     exit (code);
 }
 
+/* output contents of a file */
+static int
+show_file(const char *file, int code)
+{
+    FILE *f;
+    char buf[128];
+
+    f = fopen(file, "r");
+    if(f == NULL)
+	return -1;
+    while(fgets(buf, sizeof(buf), f)){
+	buf[strcspn(buf, "\r\n")] = '\0';
+	lreply(code, "%s", buf);
+    }
+    fclose(f);
+    return 0;
+}
+
 int
 main(int argc, char **argv)
 {
@@ -377,27 +394,12 @@ main(int argc, char **argv)
     tmpline[0] = '\0';
 
     /* If logins are disabled, print out the message. */
-    if ((fd = fopen(_PATH_NOLOGIN,"r")) != NULL) {
-	while (fgets(line, sizeof(line), fd) != NULL) {
-	    if ((cp = strchr(line, '\n')) != NULL)
-		*cp = '\0';
-	    lreply(530, "%s", line);
-	}
-	fflush(stdout);
-	fclose(fd);
+    if(show_file(_PATH_NOLOGIN, 530) == 0) {
 	reply(530, "System not available.");
 	exit(0);
     }
-    if ((fd = fopen(_PATH_FTPWELCOME, "r")) != NULL) {
-	while (fgets(line, sizeof(line), fd) != NULL) {
-	    if ((cp = strchr(line, '\n')) != NULL)
-		*cp = '\0';
-	    lreply(220, "%s", line);
-	}
-	fflush(stdout);
-	fclose(fd);
-	/* reply(220,) must follow */
-    }
+    show_file(_PATH_FTPWELCOME, 220);
+    /* reply(220,) must follow */
     gethostname(hostname, sizeof(hostname));
 	
     reply(220, "%s FTP server (%s"
@@ -704,24 +706,6 @@ checkaccess(char *name)
 #undef	ALLOWED
 #undef	NOT_ALLOWED
 
-/* output contents of /etc/issue.net, or /etc/issue */
-static void
-show_issue(int code)
-{
-    FILE *f;
-    char buf[128];
-
-    f = fopen("/etc/issue.net", "r");
-    if(f == NULL)
-	f = fopen("/etc/issue", "r");
-    if(f){
-	while(fgets(buf, sizeof(buf), f)){
-	    buf[strcspn(buf, "\r\n")] = '\0';
-	    lreply(code, "%s", buf);
-	}
-	fclose(f);
-    }
-}
 
 int do_login(int code, char *passwd)
 {
@@ -765,28 +749,33 @@ int do_login(int code, char *passwd)
 	reply(550, "Can't set uid.");
 	return -1;
     }
+
+    if(use_builtin_ls == -1) {
+	struct stat st;
+	/* if /bin/ls exist and is a regular file, use it, otherwise
+           use built-in ls */
+	if(stat("/bin/ls", &st) == 0 &&
+	   S_ISREG(st.st_mode))
+	    use_builtin_ls = 0;
+	else
+	    use_builtin_ls = 1;
+    }
+
     /*
      * Display a login message, if it exists.
      * N.B. reply(code,) must follow the message.
      */
-    if ((fd = fopen(_PATH_FTPLOGINMESG, "r")) != NULL) {
-	char *cp, line[LINE_MAX];
-
-	while (fgets(line, sizeof(line), fd) != NULL) {
-	    if ((cp = strchr(line, '\n')) != NULL)
-		*cp = '\0';
-	    lreply(code, "%s", line);
-	}
-    }
+    show_file(_PATH_FTPLOGINMESG, code);
+    if(show_file(_PATH_ISSUE_NET, code) != 0)
+	show_file(_PATH_ISSUE, code);
     if (guest) {
-	show_issue(code);
 	reply(code, "Guest login ok, access restrictions apply.");
 #ifdef HAVE_SETPROCTITLE
 	snprintf (proctitle, sizeof(proctitle),
 		  "%s: anonymous/%s",
 		  remotehost,
 		  passwd);
-	setproctitle(proctitle);
+	setproctitle("%s", proctitle);
 #endif /* HAVE_SETPROCTITLE */
 	if (logging) {
 	    char data_addr[256];
@@ -803,11 +792,10 @@ int do_login(int code, char *passwd)
 		   passwd);
 	}
     } else {
-	show_issue(code);
 	reply(code, "User %s logged in.", pw->pw_name);
 #ifdef HAVE_SETPROCTITLE
 	snprintf(proctitle, sizeof(proctitle), "%s: %s", remotehost, pw->pw_name);
-	setproctitle(proctitle);
+	setproctitle("%s", proctitle);
 #endif /* HAVE_SETPROCTITLE */
 	if (logging) {
 	    char data_addr[256];
@@ -957,8 +945,8 @@ retrieve(const char *cmd, char *name)
 			{".tar", "/bin/gtar cPf - %s", NULL},
 			{".tar.gz", "/bin/gtar zcPf - %s", NULL},
 			{".tar.Z", "/bin/gtar ZcPf - %s", NULL},
-			{".gz", "/bin/gzip -c %s", "/bin/gzip -c -d %s"},
-			{".Z", "/bin/compress -c %s", "/bin/uncompress -c -d %s"},
+			{".gz", "/bin/gzip -c -- %s", "/bin/gzip -c -d -- %s"},
+			{".Z", "/bin/compress -c -- %s", "/bin/uncompress -c -- %s"},
 			{NULL, NULL}
 		    };
 		    struct cmds *p;
@@ -1211,7 +1199,7 @@ dataconn(const char *name, off_t size, const char *mode)
 	    *sizebuf = '\0';
 	if (pdata >= 0) {
 		struct sockaddr_storage from_ss;
-		struct sockaddr *from = (struct sockaddr *)&from;
+		struct sockaddr *from = (struct sockaddr *)&from_ss;
 		int s;
 		int fromlen = sizeof(from_ss);
 
@@ -1501,7 +1489,7 @@ statfilecmd(char *filename)
 	int c;
 	char line[LINE_MAX];
 
-	snprintf(line, sizeof(line), "/bin/ls -la %s", filename);
+	snprintf(line, sizeof(line), "/bin/ls -la -- %s", filename);
 	fin = ftpd_popen(line, "r", 1, 0);
 	lreply(211, "status of %s:", filename);
 	while ((c = getc(fin)) != EOF) {
@@ -1782,7 +1770,7 @@ dolog(struct sockaddr *sa)
 	inaddr2str (sin->sin_addr, remotehost, sizeof(remotehost));
 #ifdef HAVE_SETPROCTITLE
 	snprintf(proctitle, sizeof(proctitle), "%s: connected", remotehost);
-	setproctitle(proctitle);
+	setproctitle("%s", proctitle);
 #endif /* HAVE_SETPROCTITLE */
 
 	if (logging) {
@@ -2093,9 +2081,9 @@ list_file(char *file)
 	pdata = -1;
     } else {
 #ifdef HAVE_LS_A
-	const char *cmd = "/bin/ls -lA %s";
+	const char *cmd = "/bin/ls -lA -- %s";
 #else
-	const char *cmd = "/bin/ls -la %s";
+	const char *cmd = "/bin/ls -la -- %s";
 #endif
 	retrieve(cmd, file);
     }
@@ -2146,8 +2134,8 @@ send_file_list(char *whichf)
        */
       if (dirname[0] == '-' && *dirlist == NULL &&
 	  transflag == 0) {
-	retrieve("/bin/ls %s", dirname);
-	goto out;
+	  list_file(dirname);
+	  goto out;
       }
       perror_reply(550, whichf);
       if (dout != NULL) {
@@ -2241,7 +2229,7 @@ find(char *pattern)
     FILE *f;
 
     snprintf(line, sizeof(line),
-	     "/bin/locate -d %s %s",
+	     "/bin/locate -d %s -- %s",
 	     ftp_rooted("/etc/locatedb"),
 	     pattern);
     f = ftpd_popen(line, "r", 1, 1);
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/ls.c b/crypto/kerberosIV/appl/ftp/ftpd/ls.c
index 97eb77ed906d..6e2c9a188cae 100644
--- a/crypto/kerberosIV/appl/ftp/ftpd/ls.c
+++ b/crypto/kerberosIV/appl/ftp/ftpd/ls.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1999 - 2000 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -32,7 +32,7 @@
 
 #include "ftpd_locl.h"
 
-RCSID("$Id: ls.c,v 1.13 1999/11/20 20:49:41 assar Exp $");
+RCSID("$Id: ls.c,v 1.13.2.2 2000/06/23 02:51:09 assar Exp $");
 
 struct fileinfo {
     struct stat st;
@@ -164,9 +164,10 @@ make_fileinfo(const char *filename, struct fileinfo *file, int flags)
 
     {
 	time_t t = time(NULL);
-	struct tm *tm = localtime(&st->st_mtime);
-	if((t - st->st_mtime > 6*30*24*60*60) ||
-	   (st->st_mtime - t > 6*30*24*60*60))
+	time_t mtime = st->st_mtime;
+	struct tm *tm = localtime(&mtime);
+	if((t - mtime > 6*30*24*60*60) ||
+	   (mtime - t > 6*30*24*60*60))
 	    strftime(buf, sizeof(buf), "%b %e  %Y", tm);
 	else
 	    strftime(buf, sizeof(buf), "%b %e %H:%M", tm);
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/pathnames.h b/crypto/kerberosIV/appl/ftp/ftpd/pathnames.h
index 1bd2be1a1efa..ff2041bb6c79 100644
--- a/crypto/kerberosIV/appl/ftp/ftpd/pathnames.h
+++ b/crypto/kerberosIV/appl/ftp/ftpd/pathnames.h
@@ -53,3 +53,6 @@
 #define	_PATH_FTPCHROOT		"/etc/ftpchroot"
 #define	_PATH_FTPWELCOME	"/etc/ftpwelcome"
 #define	_PATH_FTPLOGINMESG	"/etc/motd"
+
+#define _PATH_ISSUE		"/etc/issue"
+#define _PATH_ISSUE_NET		"/etc/issue.net"
diff --git a/crypto/kerberosIV/appl/kauth/ChangeLog b/crypto/kerberosIV/appl/kauth/ChangeLog
index a770682f713b..7ce281cd53cc 100644
--- a/crypto/kerberosIV/appl/kauth/ChangeLog
+++ b/crypto/kerberosIV/appl/kauth/ChangeLog
@@ -1,3 +1,14 @@
+2000-02-28  Assar Westerlund  <assar@sics.se>
+
+	* kauth.c (main): don't enable aflag with `-d'.  this breaks with
+	kaservers that don't let you get a ticket for a user and besides,
+	adding debugging should not change the functionality
+
+1999-12-06  Assar Westerlund  <assar@sics.se>
+
+	* rkinit.c (doit_host): NAT work-around
+	* kauthd.c (doit): type correctness
+
 1999-08-31  Johan Danielsson  <joda@pdc.kth.se>
 
 	* kauth.c: cleanup usage string; handle `kauth -h' gracefully
diff --git a/crypto/kerberosIV/appl/kauth/Makefile.in b/crypto/kerberosIV/appl/kauth/Makefile.in
index 278facc21cc4..1e8a4c1ebc84 100644
--- a/crypto/kerberosIV/appl/kauth/Makefile.in
+++ b/crypto/kerberosIV/appl/kauth/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.40 1999/03/10 19:01:11 joda Exp $
+# $Id: Makefile.in,v 1.40.16.1 2000/06/23 02:52:31 assar Exp $
 
 SHELL = /bin/sh
 
@@ -17,6 +17,7 @@ WFLAGS = @WFLAGS@
 LD_FLAGS = @LD_FLAGS@
 INSTALL = @INSTALL@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT  = @INSTALL_SCRIPT@
 LIBS = @LIBS@
 MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
 
@@ -28,9 +29,10 @@ bindir = @bindir@
 transform=@program_transform_name@
 EXECSUFFIX=@EXECSUFFIX@
 
-PROG_BIN	= kauth$(EXECSUFFIX) ksrvtgt
+PROG_BIN	= kauth$(EXECSUFFIX)
+SCRIPT_BIN	= ksrvtgt
 PROG_LIBEXEC	= kauthd$(EXECSUFFIX)
-PROGS = $(PROG_BIN) $(PROG_LIBEXEC)
+PROGS = $(PROG_BIN) $(SCRIPT_BIN) $(PROG_LIBEXEC)
 
 SOURCES_KAUTH  = kauth.c rkinit.c
 SOURCES_KAUTHD = kauthd.c
@@ -58,6 +60,9 @@ install: all
 	for x in $(PROG_BIN); do \
 	  $(INSTALL_PROGRAM) $$x $(DESTDIR)$(bindir)/`echo $$x| sed '$(transform)'`; \
 	done
+	for x in $(SCRIPT_BIN); do \
+	  $(INSTALL_SCRIPT) $$x $(DESTDIR)$(bindir)/`echo $$x| sed '$(transform)'`; \
+	done
 	if test -f $(DESTDIR)$(bindir)/zrefresh -o -r  $(DESTDIR)$(bindir)/zrefresh; then \
 	  true; \
 	else \
@@ -68,7 +73,7 @@ install: all
 	done
 
 uninstall:
-	for x in $(PROG_BIN); do \
+	for x in $(PROG_BIN) $(SCRIPT_BIN); do \
 	  rm -f $(DESTDIR)$(bindir)/`echo $$x| sed '$(transform)'`; \
 	done
 	for x in $(PROG_LIBEXEC); do \
diff --git a/crypto/kerberosIV/appl/kauth/kauth.c b/crypto/kerberosIV/appl/kauth/kauth.c
index 13448a040dda..3f6f0bcd6abe 100644
--- a/crypto/kerberosIV/appl/kauth/kauth.c
+++ b/crypto/kerberosIV/appl/kauth/kauth.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -41,7 +41,7 @@
 
 #include "kauth.h"
 
-RCSID("$Id: kauth.c,v 1.97 1999/12/02 16:58:31 joda Exp $");
+RCSID("$Id: kauth.c,v 1.97.2.1 2000/02/28 03:42:51 assar Exp $");
 
 krb_principal princ;
 static char srvtab[MaxPathLen];
@@ -233,7 +233,6 @@ main(int argc, char **argv)
 	case 'd':
 	    krb_enable_debug();
 	    _kafs_debug = 1;
-	    aflag++;
 	    break;
 	case 'f':
 	    strlcpy(srvtab, optarg, sizeof(srvtab));
diff --git a/crypto/kerberosIV/appl/kauth/kauthd.c b/crypto/kerberosIV/appl/kauth/kauthd.c
index 8dae4d0a45c5..d99f2a3b3673 100644
--- a/crypto/kerberosIV/appl/kauth/kauthd.c
+++ b/crypto/kerberosIV/appl/kauth/kauthd.c
@@ -33,7 +33,7 @@
 
 #include "kauth.h"
 
-RCSID("$Id: kauthd.c,v 1.25 1999/12/02 16:58:31 joda Exp $");
+RCSID("$Id: kauthd.c,v 1.25.2.1 2000/06/28 19:07:58 assar Exp $");
 
 krb_principal princ;
 static char locuser[SNAME_SZ];
@@ -128,7 +128,7 @@ doit(int sock)
      if( kuserok(&auth, locuser) != 0) {
 	 snprintf(buf, sizeof(buf), "%s cannot get tickets for %s",
 		  locuser, krb_unparse_name(&princ));
-	 syslog (LOG_ERR, buf);
+	 syslog (LOG_ERR, "%s", buf);
 	 write_encrypted (sock, buf, strlen(buf), schedule,
 			  &auth.session, &thisaddr, &thataddr);
 	 return 1;
@@ -136,7 +136,7 @@ doit(int sock)
      passwd = k_getpwnam (locuser);
      if (passwd == NULL) {
 	  snprintf (buf, sizeof(buf), "No user '%s'", locuser);
-	  syslog (LOG_ERR, buf);
+	  syslog (LOG_ERR, "%s", buf);
 	  write_encrypted (sock, buf, strlen(buf), schedule,
 			   &auth.session, &thisaddr, &thataddr);
 	  return 1;
@@ -145,7 +145,7 @@ doit(int sock)
 	 initgroups(passwd->pw_name, passwd->pw_gid) ||
 	 setuid(passwd->pw_uid)) {
 	  snprintf (buf, sizeof(buf), "Could not change user");
-	  syslog (LOG_ERR, buf);
+	  syslog (LOG_ERR, "%s", buf);
 	  write_encrypted (sock, buf, strlen(buf), schedule,
 			   &auth.session, &thisaddr, &thataddr);
 	  return 1;
@@ -182,7 +182,7 @@ doit(int sock)
 	  return 0;
      } else {
 	  snprintf (buf, sizeof(buf), "TGT failed: %s", krb_get_err_text(status));
-	  syslog (LOG_NOTICE, buf);
+	  syslog (LOG_NOTICE, "%s", buf);
 	  write_encrypted (sock, buf, strlen(buf), schedule,
 			   &auth.session, &thisaddr, &thataddr);
 	  return 1;
diff --git a/crypto/kerberosIV/appl/kip/Makefile.in b/crypto/kerberosIV/appl/kip/Makefile.in
index 801c3f962825..16ed049d2508 100644
--- a/crypto/kerberosIV/appl/kip/Makefile.in
+++ b/crypto/kerberosIV/appl/kip/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.18 1999/03/10 19:01:11 joda Exp $
+# $Id: Makefile.in,v 1.18.4.1 2000/06/23 02:54:59 assar Exp $
 
 SHELL = /bin/sh
 
@@ -8,12 +8,13 @@ VPATH = @srcdir@
 CC = @CC@
 LINK = @LINK@
 AR = ar
-DEFS = @DEFS@
+DEFS = @DEFS@ -DLIBEXECDIR="\"$(libexecdir)\""
 CFLAGS = @CFLAGS@ $(WFLAGS)
 WFLAGS = @WFLAGS@
 LD_FLAGS = @LD_FLAGS@
 INSTALL = @INSTALL@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
 LIBS = @LIBS@
 MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
 
@@ -27,7 +28,8 @@ EXECSUFFIX=@EXECSUFFIX@
 
 PROG_BIN	= kip$(EXECSUFFIX)
 PROG_LIBEXEC	= kipd$(EXECSUFFIX)
-PROGS = $(PROG_BIN) $(PROG_LIBEXEC)
+SCRIPT_LIBEXEC	= kip-join-network kipd-control
+PROGS = $(PROG_BIN) $(PROG_LIBEXEC) $(SCRIPT_LIBEXEC)
 
 SOURCES_KIP     = kip.c
 SOURCES_KIPD    = kipd.c
@@ -55,6 +57,9 @@ install: all
 	for x in $(PROG_LIBEXEC); do \
 	  $(INSTALL_PROGRAM) $$x $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \
 	done
+	for x in $(SCRIPT_LIBEXEC); do \
+	  $(INSTALL_SCRIPT) $$x $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \
+	done
 
 uninstall:
 	for x in $(PROG_BIN); do \
@@ -63,6 +68,9 @@ uninstall:
 	for x in $(PROG_LIBEXEC); do \
 	  rm -f $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \
 	done
+	for x in $(SCRIPT_LIBEXEC); do \
+	  rm -f $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \
+	done
 
 TAGS: $(SOURCES)
 	etags $(SOURCES)
@@ -91,4 +99,12 @@ kipd$(EXECSUFFIX): $(OBJECTS_KIPD)
 
 $(OBJECTS): ../../include/config.h
 
+kip-join-network: kip-join-network.in
+	sed -e "s!%bindir%!$(bindir)!" $(srcdir)/kip-join-network.in > $@
+	chmod +x $@
+
+kipd-control: kipd-control.in
+	sed -e "s!%bindir%!$(bindir)!" $(srcdir)/kipd-control.in > $@
+	chmod +x $@
+
 .PHONY: all Wall install uninstall check clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/appl/kip/common.c b/crypto/kerberosIV/appl/kip/common.c
index c97fe9fb2122..4feb9c8eea46 100644
--- a/crypto/kerberosIV/appl/kip/common.c
+++ b/crypto/kerberosIV/appl/kip/common.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -33,7 +33,10 @@
 
 #include "kip.h"
 
-RCSID("$Id: common.c,v 1.13 1999/12/02 16:58:31 joda Exp $");
+RCSID("$Id: common.c,v 1.13.2.4 2000/10/18 23:31:51 assar Exp $");
+
+sig_atomic_t disconnect = 0;
+int isserver = 0;
 
 /*
  * Copy packets from `tundev' to `netdev' or vice versa.
@@ -56,16 +59,23 @@ copy_packets (int tundev, int netdev, int mtu, des_cblock *iv,
 
      memcpy (&iv1, iv, sizeof(iv1));
      memcpy (&iv2, iv, sizeof(iv2));
-     for (;;) {
+     while(!disconnect) {
 	  fd_set fdset;
 	  int ret, len;
 
+	  if (tundev >= FD_SETSIZE || netdev >= FD_SETSIZE) {
+	      warnx ("fd too large");
+	      return 1;
+	  }
+
 	  FD_ZERO(&fdset);
 	  FD_SET(tundev, &fdset);
 	  FD_SET(netdev, &fdset);
 
 	  ret = select (max(tundev, netdev)+1, &fdset, NULL, NULL, NULL);
-	  if (ret < 0 && errno != EINTR) {
+	  if (ret < 0) {
+	      if (errno == EINTR)
+		  continue;
 	      warn ("select");
 	      return 1;
 	  }
@@ -107,6 +117,21 @@ copy_packets (int tundev, int netdev, int mtu, des_cblock *iv,
 	       des_cfb64_encrypt (buf, buf, 2, schedule,
 				  &iv2, &num2, DES_DECRYPT);
 	       len = (buf[0] << 8 ) | buf[1];
+	       if (len > mtu) {
+		   fatal (-1, "buffer too large", schedule, &iv2);
+		   return -1;
+	       }
+
+	       if (len == 0) {
+		   len = read (netdev, buf, mtu);
+		   if (len < 1)
+		       len = 1;
+		   buf[len-1] = '\0';
+
+		   fatal (-1, buf, schedule, &iv2);
+		   return -1;
+	       }
+
 	       ret = krb_net_read (netdev, buf + 2, len);
 	       if (ret == 0)
 		    return 0;
@@ -127,6 +152,7 @@ copy_packets (int tundev, int netdev, int mtu, des_cblock *iv,
 	       }
 	  }
      }
+     return 0;
 }
 
 /*
@@ -148,18 +174,19 @@ childhandler (int sig)
 
 /*
  * Find a free tunnel device and open it.
+ * Return the interface name in `name, len'.
  */
 
 int
-tunnel_open (void)
+tunnel_open (char *name, size_t len)
 {
      int fd;
      int i;
-     char name[64];
+     char devname[256];
 
      for (i = 0; i < 256; ++i) {
-	  snprintf (name, sizeof(name), "%s%s%d", _PATH_DEV, TUNDEV, i);
-	  fd = open (name, O_RDWR, 0);
+	  snprintf (devname, len, "%s%s%d", _PATH_DEV, TUNDEV, i);
+	  fd = open (devname, O_RDWR, 0);
 	  if (fd >= 0)
 	       break;
 	  if (errno == ENOENT || errno == ENODEV) {
@@ -169,5 +196,107 @@ tunnel_open (void)
      }
      if (fd < 0)
 	 warn("open %s" ,name);
+     else
+	 snprintf (name, len, "%s%d", TUNDEV, i);
      return fd;
 }
+
+/*
+ * run the command `cmd' with (...).  return 0 if succesful or error
+ * otherwise (and copy an error messages into `msg, len')
+ */
+
+int
+kip_exec (const char *cmd, char *msg, size_t len, ...)
+{
+    pid_t pid;
+    char **argv;
+    va_list ap;
+
+    va_start(ap, len);
+    argv = vstrcollect(&ap);
+    va_end(ap);
+
+    pid = fork();
+    switch (pid) {
+    case -1:
+	snprintf (msg, len, "fork: %s", strerror(errno));
+	return errno;
+    case 0: {
+	int fd = open (_PATH_DEVNULL, O_RDWR, 0600);
+	if (fd < 0) {
+	    snprintf (msg, len, "open " _PATH_DEVNULL ": %s", strerror(errno));
+	    return errno;
+	}
+
+	close (STDIN_FILENO);
+	close (STDOUT_FILENO);
+	close (STDERR_FILENO);
+	
+	dup2 (fd, STDIN_FILENO);
+	dup2 (fd, STDOUT_FILENO);
+	dup2 (fd, STDERR_FILENO);
+
+	execvp (cmd, argv);
+	snprintf (msg, len, "execvp %s: %s", cmd, strerror(errno));
+	return errno;
+    }
+    default: {
+	int status;
+
+	while (waitpid(pid, &status, 0) < 0)
+	    if (errno != EINTR) {
+		snprintf (msg, len, "waitpid: %s", strerror(errno));
+		return errno;
+	    }
+
+	if (WIFEXITED(status)) {
+	    if (WEXITSTATUS(status) == 0) {
+		return 0;
+	    } else {
+		snprintf (msg, len, "child returned with %d", 
+			  WEXITSTATUS(status));
+		return 1;
+	    }
+	} else if (WIFSIGNALED(status)) {
+#ifndef WCOREDUMP
+#define WCOREDUMP(X) 0
+#endif
+	    snprintf (msg, len, "terminated by signal num %d %s",
+		      WTERMSIG(status), 
+		      WCOREDUMP(status) ? " coredumped" : "");
+	    return 1;
+	} else if (WIFSTOPPED(status)) {
+	    snprintf (msg, len, "process stoped by signal %d",
+		      WSTOPSIG(status));
+	    return 1;
+	} else {
+	    snprintf (msg, len, "child died in mysterious circumstances");
+	    return 1;
+	}
+    }
+    }
+}
+
+/*
+ * fatal error `s' occured.
+ */
+
+void
+fatal (int fd, const char *s, des_key_schedule schedule, des_cblock *iv)
+{
+     int16_t err = 0;
+     int num = 0;
+
+     if (fd != -1) {
+	 des_cfb64_encrypt ((unsigned char*) &err, (unsigned char*) &err,
+			    sizeof(err), schedule, iv, &num, DES_ENCRYPT);
+
+	 write (fd, &err, sizeof(err));
+	 write (fd, s, strlen(s)+1);
+     }
+     if (isserver)
+	 syslog(LOG_ERR, "%s", s);
+     else
+	 warnx ("fatal error: %s", s);
+}
diff --git a/crypto/kerberosIV/appl/kip/kip-join-network.in b/crypto/kerberosIV/appl/kip/kip-join-network.in
new file mode 100644
index 000000000000..c105fe6ba62a
--- /dev/null
+++ b/crypto/kerberosIV/appl/kip/kip-join-network.in
@@ -0,0 +1,53 @@
+#!/bin/sh
+# $Id$
+#
+# Join a network, see kipd-control from more comments.
+#
+
+PATH=/usr/sbin:/sbin:/usr/bin:/bin:%bindir%
+
+endpointhost=130.237.43.201
+thispointhost=130.237.43.17
+fakepoint=10.0.0.1
+dev=tun0
+
+case $# in
+    0)
+        modprobe tun
+	def=$(route -n | awk '$1 ~ /0.0.0.0/ && $3 ~ /0.0.0.0/ { print $2 }')
+
+	if test "X$def" = "X" ; then
+		echo "missing default route"
+		exit 1
+	fi
+
+	exec kip -c $0 -a $def $endpointhost
+	;;
+    *)
+	state=$1
+	dev=$2
+	host=$3
+	arg=$4
+	case $state in
+	up)
+		ifconfig $dev $thispointhost pointopoint $fakepoint
+		route delete default
+
+		route add -host $endpointhost gw $arg
+		route add default gw $fakepoint
+		;;
+	down)
+
+		echo $dev $arg > /tmp/kip-down
+
+		ifconfig $dev down
+
+		route delete default
+		route delete $endpointhost
+		route add default gw $arg
+		;;
+	*)
+		exit 17
+	;;
+	esac
+esac
diff --git a/crypto/kerberosIV/appl/kip/kip.c b/crypto/kerberosIV/appl/kip/kip.c
index 667a8d856a5c..55b6032031b7 100644
--- a/crypto/kerberosIV/appl/kip/kip.c
+++ b/crypto/kerberosIV/appl/kip/kip.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -33,14 +33,31 @@
 
 #include "kip.h"
 
-RCSID("$Id: kip.c,v 1.18 1999/12/02 16:58:31 joda Exp $");
+RCSID("$Id: kip.c,v 1.18.2.1 2000/06/23 02:55:01 assar Exp $");
 
-static void
-usage(void)
+static char *cmd_str		= NULL;
+static char *arg_str		= NULL;
+static char *port_str		= NULL;
+static int version_flag		= 0;
+static int help_flag		= 0;
+
+struct getargs args[] = {
+    { "port",		'p',	arg_string,	&port_str,	"Use this port",
+      "port" },
+    { "cmd",		'c',	arg_string,	&cmd_str,
+      "command to run when starting", "cmd"},
+    { "arg",		'a',	arg_string,	&arg_str,
+      "argument to above command", "arg"},
+    { "version",	0, 	arg_flag,		&version_flag },
+    { "help",		0, 	arg_flag,		&help_flag }
+};
+
+
+static RETSIGTYPE
+disconnecthandler (int sig)
 {
-     fprintf (stderr, "Usage: %s host\n",
-	      __progname);
-     exit (1);
+     disconnect = 1;
+     SIGRETURN(0);
 }
 
 /*
@@ -48,7 +65,8 @@ usage(void)
  */
 
 static int
-connect_host (char *host, des_cblock *key, des_key_schedule schedule)
+connect_host (char *host, int port,
+	      des_cblock *key, des_key_schedule schedule)
 {
      CREDENTIALS cred;
      KTEXT_ST text;
@@ -70,7 +88,7 @@ connect_host (char *host, des_cblock *key, des_key_schedule schedule)
 
      memset (&thataddr, 0, sizeof(thataddr));
      thataddr.sin_family = AF_INET;
-     thataddr.sin_port   = k_getportbyname ("kip", "tcp", htons(KIPPORT));
+     thataddr.sin_port   = port;
 
      for(p = hostent->h_addr_list; *p; ++p) {
 	 memcpy (&thataddr.sin_addr, *p, sizeof(thataddr.sin_addr));
@@ -139,19 +157,50 @@ connect_host (char *host, des_cblock *key, des_key_schedule schedule)
  */
 
 static int
-doit (char *host)
+doit (char *host, int port)
 {
+     char tun_if_name[64];
      des_key_schedule schedule;
      des_cblock iv;
-     int other, this;
+     int other, this, ret;
 
-     other = connect_host (host, &iv, schedule);
+     other = connect_host (host, port, &iv, schedule);
      if (other < 0)
 	  return 1;
-     this = tunnel_open ();
+     this = tunnel_open (tun_if_name, sizeof(tun_if_name));
      if (this < 0)
 	  return 1;
-     return copy_packets (this, other, TUNMTU, &iv, schedule);
+
+     if (cmd_str) {
+	 char buf[1024];
+	 ret = kip_exec (cmd_str, buf, sizeof(buf),
+			 "kip-control", "up", tun_if_name, host, arg_str,
+			 NULL);
+	 if (ret)
+	     errx (1, "%s (up) failed: %s", cmd_str, buf);
+     }
+
+     ret = copy_packets (this, other, TUNMTU, &iv, schedule);
+
+     if (cmd_str) {
+	 char buf[1024];
+	 ret = kip_exec (cmd_str, buf, sizeof(buf),
+			 "kip-control", "down", tun_if_name, host, arg_str,
+			 NULL);
+	 if (ret)
+	     errx (1, "%s (down) failed: %s", cmd_str, buf);
+     }
+     return 0;
+}
+
+static void
+usage(int ret)
+{
+    arg_printusage (args,
+		    sizeof(args) / sizeof(args[0]),
+		    NULL,
+		    "hostname");
+    exit (ret);
 }
 
 /*
@@ -162,9 +211,51 @@ doit (char *host)
 int
 main(int argc, char **argv)
 {
+    int port;
+    int optind = 0;
+    char *hostname;
+
     set_progname (argv[0]);
+    if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
+		&optind))
+	usage (1);
+
+    if (help_flag)
+	usage (0);
+
+    if (version_flag) {
+	print_version (NULL);
+	return 0;
+    }
+
+    argv += optind;
+    argc -= optind;
+
+    if (argc != 1)
+	usage (1);
+    
+    hostname = argv[0];
+
+    if(port_str) {
+	struct servent *s = roken_getservbyname (port_str, "tcp");
+
+	if (s)
+	    port = s->s_port;
+	else {
+	    char *ptr;
+
+	    port = strtol (port_str, &ptr, 10);
+	    if (port == 0 && ptr == port_str)
+		errx (1, "bad port `%s'", port_str);
+	    port = htons(port);
+	}
+    } else {
+	port = k_getportbyname ("kip", "tcp", htons(KIPPORT));
+    }
+
+    signal (SIGCHLD, childhandler);
+    signal (SIGHUP,  disconnecthandler);
+    signal (SIGTERM, disconnecthandler);
 
-    if (argc != 2)
-	usage ();
-    return doit (argv[1]);
+    return doit (hostname, port);
 }
diff --git a/crypto/kerberosIV/appl/kip/kip.h b/crypto/kerberosIV/appl/kip/kip.h
index dc748dffa79a..7bfc5f15ab2f 100644
--- a/crypto/kerberosIV/appl/kip/kip.h
+++ b/crypto/kerberosIV/appl/kip/kip.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -31,7 +31,7 @@
  * SUCH DAMAGE.
  */
 
-/* $Id: kip.h,v 1.18 1999/12/02 16:58:31 joda Exp $ */
+/* $Id: kip.h,v 1.18.2.1 2000/06/23 02:55:01 assar Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include "config.h"
@@ -44,7 +44,6 @@
 #include <errno.h>
 #include <pwd.h>
 #include <signal.h>
-#include <paths.h>
 #include <fcntl.h>
 #ifdef HAVE_SYSLOG_H
 #include <syslog.h>
@@ -72,14 +71,20 @@
 #include <netinet/tcp.h>
 #endif
 #include <netdb.h>
+#ifdef HAVE_SYS_SOCKIO_H
 #include <sys/sockio.h>
+#endif
 #include <net/if.h>
 #ifdef HAVE_NET_IF_VAR_H
 #include <net/if_var.h>
 #endif
+#ifdef HAVE_NET_IF_TUN_H
 #include <net/if_tun.h>
+#endif
 #include <err.h>
 
+#include <getarg.h>
+
 #ifdef SOCKS
 #include <socks.h>
 #endif
@@ -90,6 +95,10 @@
 
 #define TUNDEV "tun"
 
+#ifndef TUNMTU
+#define TUNMTU 1500		/* everything is ethernet :) */
+#endif
+
 #define KIPPORT 2112
 
 #define KIP_VERSION "KIPSRV.0"
@@ -100,5 +109,14 @@ copy_packets (int tundev, int netdev, int mtu, des_cblock *iv,
 
 RETSIGTYPE childhandler (int);
 
+extern sig_atomic_t disconnect;
+extern int isserver;
+
+int
+tunnel_open (char *, size_t);
+
+void
+fatal (int fd, const char *s, des_key_schedule schedule, des_cblock *iv);
+
 int
-tunnel_open (void);
+kip_exec (const char *cmd, char *msg, size_t len, ...);
diff --git a/crypto/kerberosIV/appl/kip/kipd-control.in b/crypto/kerberosIV/appl/kip/kipd-control.in
new file mode 100644
index 000000000000..8fb0e9bb0b83
--- /dev/null
+++ b/crypto/kerberosIV/appl/kip/kipd-control.in
@@ -0,0 +1,54 @@
+#!/bin/sh
+#
+# $Id$
+#
+# Simple example how you can missuse kip to provide "mobile-ip".
+# This is since there is no way to tunnel ip over udp or any other
+# protocol. There is also problems to get thru firewalls and NATs
+# with mobile-ip since (today) they usully doesn't support IPIP or
+# GRE.
+#
+# All commands are for linux (redhat6.1) but it should be quite 
+# simple to fix it to support other OS.
+#
+
+PATH=/sbin:/usr/sbin:/usr/bin:/bin
+
+# arguments are: [up|down] dev remote-peer-addr user
+
+state=$1
+dev=$2
+remote=$3
+user=$4
+
+outdevice=eth0
+
+case "$state" in
+    up)
+        case "$user" in
+            lha.root@E.KTH.SE)
+                ifconfig $dev 10.0.0.1 pointopoint 130.237.43.17
+                route add -host 130.237.43.17 gw 10.0.0.1
+                arp -H ether -i $outdevice \
+                    -s 130.237.43.17 00:80:c8:82:83:61 pub
+            ;;
+        esac
+        ;;
+    down)
+        case "$user" in
+            lha.root@E.KTH.SE)
+                ifconfig $dev 0.0.0.0
+                ifconfig $dev down
+                arp -i $outdevice -d 130.237.43.17
+                arp -d 130.237.43.17
+                true
+            ;;
+        *)
+            ifconfig $dev down
+            ;;
+        esac
+        ;;
+    *)
+        exit 17
+        ;;
+esac
diff --git a/crypto/kerberosIV/appl/kip/kipd.c b/crypto/kerberosIV/appl/kip/kipd.c
index 429f815e6a1d..74e8ac2986c2 100644
--- a/crypto/kerberosIV/appl/kip/kipd.c
+++ b/crypto/kerberosIV/appl/kip/kipd.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -33,22 +33,11 @@
 
 #include "kip.h"
 
-RCSID("$Id: kipd.c,v 1.16 1999/12/02 16:58:31 joda Exp $");
-
-static int
-fatal (int fd, char *s)
-{
-     u_char err = 1;
-
-     write (fd, &err, sizeof(err));
-     write (fd, s, strlen(s)+1);
-     syslog(LOG_ERR, s);
-     return err;
-}
+RCSID("$Id: kipd.c,v 1.16.2.3 2000/10/18 20:46:45 assar Exp $");
 
 static int
 recv_conn (int sock, des_cblock *key, des_key_schedule schedule,
-	   struct sockaddr_in *retaddr)
+	   struct sockaddr_in *retaddr, char *user, size_t len)
 {
      int status;
      KTEXT_ST ticket;
@@ -80,13 +69,21 @@ recv_conn (int sock, des_cblock *key, des_key_schedule schedule,
 	  return 1;
      }
      passwd = k_getpwnam ("root");
-     if (passwd == NULL)
-	  return fatal (sock, "Cannot find root");
-     if (kuserok(&auth, "root") != 0)
-	  return fatal (sock, "Permission denied");
+     if (passwd == NULL) {
+	  fatal (sock, "Cannot find root", schedule, &auth.session);
+	  return 1;
+     }
+     if (kuserok(&auth, "root") != 0) {
+	  fatal (sock, "Permission denied", schedule, &auth.session);
+	  return 1;
+     }
      if (write (sock, &ok, sizeof(ok)) != sizeof(ok))
 	  return 1;
 
+     snprintf (user, len, "%s%s%s@%s", auth.pname, 
+	       auth.pinst[0] != '\0' ? "." : "",
+	       auth.pinst, auth.prealm);
+
      memcpy(key, &auth.session, sizeof(des_cblock));
      *retaddr = thataddr;
      return 0;
@@ -95,17 +92,64 @@ recv_conn (int sock, des_cblock *key, des_key_schedule schedule,
 static int
 doit(int sock)
 {
+     char msg[1024];
+     char cmd[MAXPATHLEN];
+     char tun_if_name[64];
+     char user[MAX_K_NAME_SZ];
      struct sockaddr_in thataddr;
      des_key_schedule schedule;
      des_cblock key;
-     int this;
+     int this, ret, ret2;
 
-     if (recv_conn (sock, &key, schedule, &thataddr))
+     isserver = 1;
+
+     if (recv_conn (sock, &key, schedule, &thataddr, user, sizeof(user)))
 	  return 1;
-     this = tunnel_open ();
+     this = tunnel_open (tun_if_name, sizeof(tun_if_name));
      if (this < 0)
-	  fatal (sock, "Cannot open " _PATH_DEV TUNDEV);
-     return copy_packets (this, sock, TUNMTU, &key, schedule);
+	  fatal (sock, "Cannot open " _PATH_DEV TUNDEV, schedule, &key);
+
+     strlcpy(cmd, LIBEXECDIR "/kipd-control", sizeof(cmd));
+
+     ret = kip_exec (cmd, msg, sizeof(msg), "kipd-control",
+		     "up", tun_if_name, inet_ntoa(thataddr.sin_addr), user,
+		     NULL);
+     if (ret) {
+	 fatal (sock, msg, schedule, &key);
+	 return -1;
+     }
+
+     ret = copy_packets (this, sock, TUNMTU, &key, schedule);
+     
+     ret2 = kip_exec (cmd,  msg, sizeof(msg), "kipd-control",
+		      "down", tun_if_name, user, NULL);
+     if (ret2)
+	 syslog(LOG_ERR, "%s", msg);
+     return ret;
+}
+
+static char *port_str		= NULL;
+static int inetd_flag		= 1;
+static int version_flag		= 0;
+static int help_flag		= 0;
+
+struct getargs args[] = {
+    { "inetd",		'i',	arg_negative_flag,	&inetd_flag,
+      "Not started from inetd" },
+    { "port",		'p',	arg_string,	&port_str,	"Use this port",
+      "port" },
+    { "version",	0, 	arg_flag,		&version_flag },
+    { "help",		0, 	arg_flag,		&help_flag }
+};
+
+static void
+usage(int ret)
+{
+    arg_printusage (args,
+		    sizeof(args) / sizeof(args[0]),
+		    NULL,
+		    "");
+    exit (ret);
 }
 
 /*
@@ -115,9 +159,44 @@ doit(int sock)
 int
 main (int argc, char **argv)
 {
-    set_progname (argv[0]);
+    int port;
+    int optind = 0;
 
+    set_progname (argv[0]);
     roken_openlog(__progname, LOG_PID|LOG_CONS, LOG_DAEMON);
+
+    if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
+		&optind))
+	usage (1);
+
+    if (help_flag)
+	usage (0);
+
+    if (version_flag) {
+	print_version (NULL);
+	return 0;
+    }
+
+    if(port_str) {
+	struct servent *s = roken_getservbyname (port_str, "tcp");
+
+	if (s)
+	    port = s->s_port;
+	else {
+	    char *ptr;
+
+	    port = strtol (port_str, &ptr, 10);
+	    if (port == 0 && ptr == port_str)
+		errx (1, "bad port `%s'", port_str);
+	    port = htons(port);
+	}
+    } else {
+	port = k_getportbyname ("kip", "tcp", htons(KIPPORT));
+    }
+
+    if (!inetd_flag)
+	mini_inetd (port);
+
     signal (SIGCHLD, childhandler);
-    return doit(0);
+    return doit(STDIN_FILENO);
 }
diff --git a/crypto/kerberosIV/appl/push/push.8 b/crypto/kerberosIV/appl/push/push.8
index 5066b375cfb7..0cf4a6cd0fec 100644
--- a/crypto/kerberosIV/appl/push/push.8
+++ b/crypto/kerberosIV/appl/push/push.8
@@ -1,4 +1,4 @@
-.\" $Id: push.8,v 1.3.16.1 1999/12/06 17:25:27 assar Exp $
+.\" $Id: push.8,v 1.3.16.2 2000/06/23 03:06:11 assar Exp $
 .\"
 .Dd May 31, 1998
 .Dt PUSH 8
@@ -127,7 +127,8 @@ using Kerberos 5.
 .Sh SEE ALSO
 .Xr movemail 8 ,
 .Xr popper 8 ,
-.Xr from 1
+.Xr from 1 ,
+.Xr pfrom 1
 .\".Sh STANDARDS
 .Sh HISTORY
 .Nm
diff --git a/crypto/kerberosIV/appl/push/push.cat8 b/crypto/kerberosIV/appl/push/push.cat8
index bdd380491baf..1c0b7a4b9b5e 100644
--- a/crypto/kerberosIV/appl/push/push.cat8
+++ b/crypto/kerberosIV/appl/push/push.cat8
@@ -1,5 +1,5 @@
 
-PUSH(8)                  UNIX System Manager's Manual                  PUSH(8)
+PUSH(8)                     System Manager's Manual                    PUSH(8)
 
 NNAAMMEE
      ppuusshh - fetch mail via POP
@@ -69,7 +69,7 @@ EEXXAAMMPPLLEESS
      using Kerberos 5.
 
 SSEEEE AALLSSOO
-     movemail(8),  popper(8),  from(1)
+     movemail(8),  popper(8),  from(1),  pfrom(1)
 
 HHIISSTTOORRYY
      ppuusshh was written while waiting for mmoovveemmaaiill to finish getting the mail.
diff --git a/crypto/kerberosIV/appl/sample/sample_server.c b/crypto/kerberosIV/appl/sample/sample_server.c
index 5442562f3aa3..ba4f6ab3441c 100644
--- a/crypto/kerberosIV/appl/sample/sample_server.c
+++ b/crypto/kerberosIV/appl/sample/sample_server.c
@@ -18,7 +18,7 @@
 
 #include "sample.h"
 
-RCSID("$Id: sample_server.c,v 1.14 1999/11/13 06:28:49 assar Exp $");
+RCSID("$Id: sample_server.c,v 1.14.2.1 2000/06/28 19:08:00 assar Exp $");
 
 static void
 usage (void)
@@ -108,7 +108,7 @@ main(int argc, char **argv)
 	snprintf(retbuf, sizeof(retbuf),
 		 "Kerberos error: %s\n",
 		 krb_get_err_text(status));
-	syslog(LOG_ERR, retbuf);
+	syslog(LOG_ERR, "%s", retbuf);
     } else {
 	/* Check the version string (KRB_SENDAUTH_VLEN chars) */
 	if (strncmp(version, SAMPLE_VERSION, KRB_SENDAUTH_VLEN)) {
diff --git a/crypto/kerberosIV/appl/telnet/ChangeLog b/crypto/kerberosIV/appl/telnet/ChangeLog
index 5681679d9b5e..b2c27bc113a6 100644
--- a/crypto/kerberosIV/appl/telnet/ChangeLog
+++ b/crypto/kerberosIV/appl/telnet/ChangeLog
@@ -1,3 +1,57 @@
+2000-03-26  Assar Westerlund  <assar@sics.se>
+
+	* telnetd/sys_term.c (*): make sure to always call time, ctime,
+	and gmtime with `time_t's.  there were some types (like in
+	lastlog) that we believed to always be time_t.  this has proven
+	wrong on Solaris 8 in 64-bit mode, where they are stored as 32-bit
+	quantities but time_t has gone up to 64 bits
+
+1999-09-16  Assar Westerlund  <assar@sics.se>
+
+	* telnet/commands.c: revert 1.54, get_default_username should DTRT
+ 	now
+
+1999-09-05  Assar Westerlund  <assar@sics.se>
+
+	* telnetd/utility.c (ttloop): make it return 1 if interrupted by a
+ 	signal, which must have been what was meant from the beginning
+
+	* telnetd/ext.h (ttloop): update prototype
+
+	* telnetd/authenc.c (telnet_spin): actually return the value from
+ 	ttloop (otherwise it's kind of bogus)
+
+1999-08-05  Assar Westerlund  <assar@sics.se>
+
+	* telnetd/sys_term.c (rmut): free utxp
+
+1999-08-04  Assar Westerlund  <assar@sics.se>
+
+	* telnet/main.c: add -G and config file support.  From Miroslav
+ 	Ruda <ruda@ics.muni.cz>
+
+	* telnetd/sys_term.c (rmut): work around utmpx strangness.  From
+ 	Miroslav Ruda <ruda@ics.muni.cz>
+
+1999-08-02  Assar Westerlund  <assar@sics.se>
+
+	* telnetd/telnetd.c (doit): only free hp if != NULL.  From: Jonas
+ 	Oberg <jonas@coyote.org>
+
+1999-07-29  Assar Westerlund  <assar@sics.se>
+
+	* telnetd/telnetd.c (doit): remove unused variable mapped_sin
+
+1999-07-26  Assar Westerlund  <assar@sics.se>
+
+	* telnetd/ext.h: update prototypes
+	
+	* telnetd/telnetd.c: make it handle v4 and v6 sockets.  (it
+	doesn't handle being given a v6 socket that's really talking to an
+	v4 adress (mapped) because the rest of the code in telnetd is not
+	able to handle it anyway).  please run two telnetd from your
+	inetd, one for v4 and one for v6.
+
 1999-07-07  Assar Westerlund  <assar@sics.se>
 
 	* telnet/commands.c (tn): extra bogus const-cast
diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/kerberos.c b/crypto/kerberosIV/appl/telnet/libtelnet/kerberos.c
index b5c09538efa0..02e4aca2f121 100644
--- a/crypto/kerberosIV/appl/telnet/libtelnet/kerberos.c
+++ b/crypto/kerberosIV/appl/telnet/libtelnet/kerberos.c
@@ -55,7 +55,7 @@
 #include <config.h>
 #endif
 
-RCSID("$Id: kerberos.c,v 1.45 1999/03/13 21:18:55 assar Exp $");
+RCSID("$Id: kerberos.c,v 1.46 1999/09/16 20:41:33 assar Exp $");
 
 #ifdef	KRB4
 #ifdef HAVE_SYS_TYPES_H
@@ -180,7 +180,7 @@ kerberos4_send(char *name, Authenticator *ap)
 
     memset(instance, 0, sizeof(instance));
 
-    strcpy_truncate (instance,
+    strlcpy (instance,
 		     krb_get_phost(RemoteHostName),
 		     INST_SZ);
 
@@ -521,7 +521,7 @@ kerberos4_status(Authenticator *ap, char *name, size_t name_sz, int level)
 	return(level);
 
     if (UserNameRequested && !kuserok(&adat, UserNameRequested)) {
-	strcpy_truncate(name, UserNameRequested, name_sz);
+	strlcpy(name, UserNameRequested, name_sz);
 	return(AUTH_VALID);
     } else
 	return(AUTH_USER);
@@ -540,11 +540,11 @@ kerberos4_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
 
     switch(data[3]) {
     case KRB_REJECT:		/* Rejected (reason might follow) */
-	strcpy_truncate((char *)buf, " REJECT ", buflen);
+	strlcpy((char *)buf, " REJECT ", buflen);
 	goto common;
 
     case KRB_ACCEPT:		/* Accepted (name might follow) */
-	strcpy_truncate((char *)buf, " ACCEPT ", buflen);
+	strlcpy((char *)buf, " ACCEPT ", buflen);
     common:
 	BUMP(buf, buflen);
 	if (cnt <= 4)
@@ -557,15 +557,15 @@ kerberos4_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
 	break;
 
     case KRB_AUTH:			/* Authentication data follows */
-	strcpy_truncate((char *)buf, " AUTH", buflen);
+	strlcpy((char *)buf, " AUTH", buflen);
 	goto common2;
 
     case KRB_CHALLENGE:
-	strcpy_truncate((char *)buf, " CHALLENGE", buflen);
+	strlcpy((char *)buf, " CHALLENGE", buflen);
 	goto common2;
 
     case KRB_RESPONSE:
-	strcpy_truncate((char *)buf, " RESPONSE", buflen);
+	strlcpy((char *)buf, " RESPONSE", buflen);
 	goto common2;
 
     default:
diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/kerberos5.c b/crypto/kerberosIV/appl/telnet/libtelnet/kerberos5.c
index 0b7818f762be..3e6abbb4a8be 100644
--- a/crypto/kerberosIV/appl/telnet/libtelnet/kerberos5.c
+++ b/crypto/kerberosIV/appl/telnet/libtelnet/kerberos5.c
@@ -53,7 +53,7 @@
 
 #include <config.h>
 
-RCSID("$Id: kerberos5.c,v 1.37 1999/06/24 17:09:10 assar Exp $");
+RCSID("$Id: kerberos5.c,v 1.38 1999/09/16 20:41:33 assar Exp $");
 
 #ifdef	KRB5
 
@@ -587,7 +587,7 @@ kerberos5_status(Authenticator *ap, char *name, size_t name_sz, int level)
 		     ticket->client,
 		     UserNameRequested))
 	{
-	    strcpy_truncate(name, UserNameRequested, name_sz);
+	    strlcpy(name, UserNameRequested, name_sz);
 	    return(AUTH_VALID);
 	} else
 	    return(AUTH_USER);
@@ -606,11 +606,11 @@ kerberos5_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
 
     switch(data[3]) {
     case KRB_REJECT:		/* Rejected (reason might follow) */
-	strcpy_truncate((char *)buf, " REJECT ", buflen);
+	strlcpy((char *)buf, " REJECT ", buflen);
 	goto common;
 
     case KRB_ACCEPT:		/* Accepted (name might follow) */
-	strcpy_truncate((char *)buf, " ACCEPT ", buflen);
+	strlcpy((char *)buf, " ACCEPT ", buflen);
     common:
 	BUMP(buf, buflen);
 	if (cnt <= 4)
@@ -624,24 +624,24 @@ kerberos5_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
 
 
     case KRB_AUTH:			/* Authentication data follows */
-	strcpy_truncate((char *)buf, " AUTH", buflen);
+	strlcpy((char *)buf, " AUTH", buflen);
 	goto common2;
 
     case KRB_RESPONSE:
-	strcpy_truncate((char *)buf, " RESPONSE", buflen);
+	strlcpy((char *)buf, " RESPONSE", buflen);
 	goto common2;
 
     case KRB_FORWARD:		/* Forwarded credentials follow */
-	strcpy_truncate((char *)buf, " FORWARD", buflen);
+	strlcpy((char *)buf, " FORWARD", buflen);
 	goto common2;
 
     case KRB_FORWARD_ACCEPT:	/* Forwarded credentials accepted */
-	strcpy_truncate((char *)buf, " FORWARD_ACCEPT", buflen);
+	strlcpy((char *)buf, " FORWARD_ACCEPT", buflen);
 	goto common2;
 
     case KRB_FORWARD_REJECT:	/* Forwarded credentials rejected */
 	/* (reason might follow) */
-	strcpy_truncate((char *)buf, " FORWARD_REJECT", buflen);
+	strlcpy((char *)buf, " FORWARD_REJECT", buflen);
 	goto common2;
 
     default:
diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/krb4encpwd.c b/crypto/kerberosIV/appl/telnet/libtelnet/krb4encpwd.c
index ee1eee29e678..a85d562cc9b7 100644
--- a/crypto/kerberosIV/appl/telnet/libtelnet/krb4encpwd.c
+++ b/crypto/kerberosIV/appl/telnet/libtelnet/krb4encpwd.c
@@ -33,7 +33,7 @@
 
 #include <config.h>
 
-RCSID("$Id: krb4encpwd.c,v 1.17 1998/07/09 23:16:29 assar Exp $");
+RCSID("$Id: krb4encpwd.c,v 1.18 1999/09/16 20:41:34 assar Exp $");
 
 #ifdef	KRB4_ENCPWD
 /*
@@ -308,7 +308,7 @@ krb4encpwd_reply(ap, data, cnt)
 		des_read_pw_string(user_passwd, sizeof(user_passwd)-1, "Password: ", 0);
 		UserPassword = user_passwd;
 		Challenge = challenge;
-		strcpy_truncate(instance, RemoteHostName, sizeof(instance));
+		strlcpy(instance, RemoteHostName, sizeof(instance));
 		if ((cp = strchr(instance, '.')) != 0)  *cp = '\0';
 
 		if (r = krb_mk_encpwd_req(&krb_token, KRB_SERVICE_NAME, instance, realm, Challenge, UserNameRequested, user_passwd)) {
@@ -338,7 +338,7 @@ krb4encpwd_status(ap, name, name_sz, level)
 		return(level);
 
 	if (UserNameRequested && passwdok(UserNameRequested, UserPassword)) {
-		strcpy_truncate(name, UserNameRequested, name_sz);
+		strlcpy(name, UserNameRequested, name_sz);
 		return(AUTH_VALID);
 	} else {
 		return(AUTH_USER);
@@ -360,11 +360,11 @@ krb4encpwd_printsub(data, cnt, buf, buflen)
 
 	switch(data[3]) {
 	case KRB4_ENCPWD_REJECT:	/* Rejected (reason might follow) */
-		strcpy_truncate((char *)buf, " REJECT ", buflen);
+		strlcpy((char *)buf, " REJECT ", buflen);
 		goto common;
 
 	case KRB4_ENCPWD_ACCEPT:	/* Accepted (name might follow) */
-		strcpy_truncate((char *)buf, " ACCEPT ", buflen);
+		strlcpy((char *)buf, " ACCEPT ", buflen);
 	common:
 		BUMP(buf, buflen);
 		if (cnt <= 4)
@@ -377,15 +377,15 @@ krb4encpwd_printsub(data, cnt, buf, buflen)
 		break;
 
 	case KRB4_ENCPWD_AUTH:		/* Authentication data follows */
-		strcpy_truncate((char *)buf, " AUTH", buflen);
+		strlcpy((char *)buf, " AUTH", buflen);
 		goto common2;
 
 	case KRB4_ENCPWD_CHALLENGE:
-		strcpy_truncate((char *)buf, " CHALLENGE", buflen);
+		strlcpy((char *)buf, " CHALLENGE", buflen);
 		goto common2;
 
 	case KRB4_ENCPWD_ACK:
-		strcpy_truncate((char *)buf, " ACK", buflen);
+		strlcpy((char *)buf, " ACK", buflen);
 		goto common2;
 
 	default:
diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/rsaencpwd.c b/crypto/kerberosIV/appl/telnet/libtelnet/rsaencpwd.c
index 267e98e0299d..dafb4486b6fa 100644
--- a/crypto/kerberosIV/appl/telnet/libtelnet/rsaencpwd.c
+++ b/crypto/kerberosIV/appl/telnet/libtelnet/rsaencpwd.c
@@ -33,7 +33,7 @@
 
 #include <config.h>
 
-RCSID("$Id: rsaencpwd.c,v 1.17 1998/07/09 23:16:32 assar Exp $");
+RCSID("$Id: rsaencpwd.c,v 1.18 1999/09/16 20:41:34 assar Exp $");
 
 #ifdef	RSA_ENCPWD
 /*
@@ -260,7 +260,7 @@ rsaencpwd_is(ap, data, cnt)
 		    snprintf(challenge, sizeof(challenge), "%x", now);
 		    challenge_len = strlen(challenge);
 		  } else {
-		    strcpy_truncate(challenge, "randchal", sizeof(challenge));
+		    strlcpy(challenge, "randchal", sizeof(challenge));
 		    challenge_len = 8;
 		  }
 
@@ -392,7 +392,7 @@ rsaencpwd_status(ap, name, name_sz, level)
 		return(level);
 
 	if (UserNameRequested && rsaencpwd_passwdok(UserNameRequested, UserPassword)) {
-		strcpy_truncate(name, UserNameRequested, name_sz);
+		strlcpy(name, UserNameRequested, name_sz);
 		return(AUTH_VALID);
 	} else {
 		return(AUTH_USER);
@@ -414,11 +414,11 @@ rsaencpwd_printsub(data, cnt, buf, buflen)
 
 	switch(data[3]) {
 	case RSA_ENCPWD_REJECT:	/* Rejected (reason might follow) */
-		strcpy_truncate((char *)buf, " REJECT ", buflen);
+		strlcpy((char *)buf, " REJECT ", buflen);
 		goto common;
 
 	case RSA_ENCPWD_ACCEPT:	/* Accepted (name might follow) */
-		strcpy_truncate((char *)buf, " ACCEPT ", buflen);
+		strlcpy((char *)buf, " ACCEPT ", buflen);
 	common:
 		BUMP(buf, buflen);
 		if (cnt <= 4)
@@ -431,11 +431,11 @@ rsaencpwd_printsub(data, cnt, buf, buflen)
 		break;
 
 	case RSA_ENCPWD_AUTH:		/* Authentication data follows */
-		strcpy_truncate((char *)buf, " AUTH", buflen);
+		strlcpy((char *)buf, " AUTH", buflen);
 		goto common2;
 
 	case RSA_ENCPWD_CHALLENGEKEY:
-		strcpy_truncate((char *)buf, " CHALLENGEKEY", buflen);
+		strlcpy((char *)buf, " CHALLENGEKEY", buflen);
 		goto common2;
 
 	default:
diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/spx.c b/crypto/kerberosIV/appl/telnet/libtelnet/spx.c
index 6d2eefe9438b..9155ef2f3df8 100644
--- a/crypto/kerberosIV/appl/telnet/libtelnet/spx.c
+++ b/crypto/kerberosIV/appl/telnet/libtelnet/spx.c
@@ -33,7 +33,7 @@
 
 #include <config.h>
 
-RCSID("$Id: spx.c,v 1.16 1998/07/09 23:16:33 assar Exp $");
+RCSID("$Id: spx.c,v 1.17 1999/09/16 20:41:34 assar Exp $");
 
 #ifdef	SPX
 /*
@@ -514,7 +514,7 @@ spx_status(ap, name, name_sz, level)
 					&acl_file_buffer);
 
 	if (major_status == GSS_S_COMPLETE) {
-	  strcpy_truncate(name, UserNameRequested, name_sz);
+	  strlcpy(name, UserNameRequested, name_sz);
 	  return(AUTH_VALID);
 	} else {
 	   return(AUTH_USER);
@@ -537,11 +537,11 @@ spx_printsub(data, cnt, buf, buflen)
 
 	switch(data[3]) {
 	case SPX_REJECT:		/* Rejected (reason might follow) */
-		strcpy_truncate((char *)buf, " REJECT ", buflen);
+		strlcpy((char *)buf, " REJECT ", buflen);
 		goto common;
 
 	case SPX_ACCEPT:		/* Accepted (name might follow) */
-		strcpy_truncate((char *)buf, " ACCEPT ", buflen);
+		strlcpy((char *)buf, " ACCEPT ", buflen);
 	common:
 		BUMP(buf, buflen);
 		if (cnt <= 4)
@@ -554,7 +554,7 @@ spx_printsub(data, cnt, buf, buflen)
 		break;
 
 	case SPX_AUTH:			/* Authentication data follows */
-		strcpy_truncate((char *)buf, " AUTH", buflen);
+		strlcpy((char *)buf, " AUTH", buflen);
 		goto common2;
 
 	default:
diff --git a/crypto/kerberosIV/appl/telnet/telnet/authenc.c b/crypto/kerberosIV/appl/telnet/telnet/authenc.c
index 08da93d943f2..6150fc7e21ca 100644
--- a/crypto/kerberosIV/appl/telnet/telnet/authenc.c
+++ b/crypto/kerberosIV/appl/telnet/telnet/authenc.c
@@ -33,7 +33,7 @@
 
 #include "telnet_locl.h"
 
-RCSID("$Id: authenc.c,v 1.9 1999/03/19 23:13:51 assar Exp $");
+RCSID("$Id: authenc.c,v 1.10 1999/09/16 20:41:35 assar Exp $");
 
 #if	defined(AUTHENTICATION) || defined(ENCRYPTION)
 int
@@ -82,7 +82,7 @@ telnet_gets(char *prompt, char *result, int length, int echo)
 		printf("%s", prompt);
 		res = fgets(result, length, stdin);
 	} else if ((res = getpass(prompt))) {
-		strcpy_truncate(result, res, length);
+		strlcpy(result, res, length);
 		res = result;
 	}
 	TerminalNewMode(om);
diff --git a/crypto/kerberosIV/appl/telnet/telnet/commands.c b/crypto/kerberosIV/appl/telnet/telnet/commands.c
index 57803fa27cb3..fe77b56d6fa7 100644
--- a/crypto/kerberosIV/appl/telnet/telnet/commands.c
+++ b/crypto/kerberosIV/appl/telnet/telnet/commands.c
@@ -33,7 +33,7 @@
 
 #include "telnet_locl.h"
 
-RCSID("$Id: commands.c,v 1.53 1999/07/07 14:56:17 assar Exp $");
+RCSID("$Id: commands.c,v 1.56 1999/09/16 20:41:35 assar Exp $");
 
 #if	defined(IPPROTO_IP) && defined(IP_TOS)
 int tos = -1;
@@ -67,7 +67,7 @@ makeargv()
     cp = line;
     if (*cp == '!') {		/* Special case shell escape */
 	/* save for shell command */
-	strcpy_truncate(saveline, line, sizeof(saveline));
+	strlcpy(saveline, line, sizeof(saveline));
 	*argp++ = "!";		/* No room in string to get this */
 	margc++;
 	cp++;
@@ -1583,7 +1583,7 @@ env_init(void)
 		if (strchr(hbuf, '.') == 0) {
 			struct hostent *he = roken_gethostbyname(hbuf);
 			if (he != NULL)
-				strcpy_truncate(hbuf, he->h_name, 256);
+				strlcpy(hbuf, he->h_name, 256);
 		}
 
 		asprintf (&cp, "%s%s", hbuf, cp2);
@@ -1981,7 +1981,7 @@ cmdrc(char *m1, char *m2)
     if (skiprc)
 	return;
 
-    strcpy_truncate(m1save, m1, sizeof(m1save));
+    strlcpy(m1save, m1, sizeof(m1save));
     m1 = m1save;
 
     if (rcname[0] == 0) {
@@ -2075,7 +2075,7 @@ tn(int argc, char **argv)
 	return 0;
     }
     if (argc < 2) {
-	strcpy_truncate(line, "open ", sizeof(line));
+	strlcpy(line, "open ", sizeof(line));
 	printf("(to) ");
 	fgets(&line[strlen(line)], sizeof(line) - strlen(line), stdin);
 	makeargv();
@@ -2146,7 +2146,7 @@ tn(int argc, char **argv)
 	    sin6.sin6_family = family = AF_INET6;
 	    sa = (struct sockaddr *)&sin6;
 	    sa_size = sizeof(sin6);
-	    strcpy_truncate(_hostname, hostp, sizeof(_hostname));
+	    strlcpy(_hostname, hostp, sizeof(_hostname));
 	    hostname =_hostname;
 	} else
 #endif
@@ -2154,7 +2154,7 @@ tn(int argc, char **argv)
 	    sin.sin_family = family = AF_INET;
 	    sa = (struct sockaddr *)&sin;
 	    sa_size = sizeof(sin);
-	    strcpy_truncate(_hostname, hostp, sizeof(_hostname));
+	    strlcpy(_hostname, hostp, sizeof(_hostname));
 	    hostname = _hostname;
 	} else {
 #ifdef HAVE_GETHOSTBYNAME2
@@ -2167,7 +2167,7 @@ tn(int argc, char **argv)
 	    host = roken_gethostbyname(hostp);
 #endif
 	    if (host) {
-		strcpy_truncate(_hostname, host->h_name, sizeof(_hostname));
+		strlcpy(_hostname, host->h_name, sizeof(_hostname));
 		family = host->h_addrtype;
 		addr_list = host->h_addr_list;
 
diff --git a/crypto/kerberosIV/appl/telnet/telnet/main.c b/crypto/kerberosIV/appl/telnet/telnet/main.c
index 2c896ebd86c5..ea60ae9a0d67 100644
--- a/crypto/kerberosIV/appl/telnet/telnet/main.c
+++ b/crypto/kerberosIV/appl/telnet/telnet/main.c
@@ -38,7 +38,7 @@ static char *copyright[] = {
 };
 
 #include "telnet_locl.h"
-RCSID("$Id: main.c,v 1.27 1999/03/11 13:49:23 joda Exp $");
+RCSID("$Id: main.c,v 1.30 1999/11/13 06:30:11 assar Exp $");
 
 /* These values need to be the same as defined in libtelnet/kerberos5.c */
 /* Either define them in both places, or put in some common header file. */
@@ -69,7 +69,7 @@ usage(void)
 {
   fprintf(stderr, "Usage: %s %s%s%s%s\n", prompt,
 #ifdef	AUTHENTICATION
-	  "[-8] [-E] [-K] [-L] [-S tos] [-X atype] [-a] [-c] [-d] [-e char]",
+	  "[-8] [-E] [-K] [-L] [-G] [-S tos] [-X atype] [-a] [-c] [-d] [-e char]",
 	  "\n\t[-k realm] [-l user] [-f/-F] [-n tracefile] ",
 #else
 	  "[-8] [-E] [-L] [-S tos] [-a] [-c] [-d] [-e char] [-l user]",
@@ -90,6 +90,11 @@ usage(void)
  */
 
 
+#ifdef	FORWARD
+extern int forward_flags;
+static int default_forward=0;
+#endif	/* FORWARD */
+
 #ifdef KRB5
 /* XXX ugly hack to setup dns-proxy stuff */
 #define Authenticator asn1_Authenticator
@@ -99,8 +104,29 @@ krb5_init(void)
 {
     krb5_context context;
     krb5_init_context(&context);
+
+#if defined(AUTHENTICATION) && defined(KRB5) && defined(FORWARD)
+    if (krb5_config_get_bool (context, NULL,
+         "libdefaults", "forward", NULL)) {
+           forward_flags |= OPTS_FORWARD_CREDS;
+           default_forward=1;
+    }
+    if (krb5_config_get_bool (context, NULL,
+         "libdefaults", "forwardable", NULL)) {
+           forward_flags |= OPTS_FORWARDABLE_CREDS;
+           default_forward=1;
+    }
+#endif
+#ifdef  ENCRYPTION
+    if (krb5_config_get_bool (context, NULL,
+        "libdefaults", "encrypt", NULL)) {
+          encrypt_auto(1);
+          decrypt_auto(1); 
+          EncryptVerbose(1);
+        }
+#endif
+
     krb5_free_context(context);
-    
 }
 #endif
 
@@ -109,9 +135,6 @@ main(int argc, char **argv)
 {
 	int ch;
 	char *user;
-#ifdef	FORWARD
-	extern int forward_flags;
-#endif	/* FORWARD */
 
 #ifdef KRB5
 	krb5_init();
@@ -137,7 +160,8 @@ main(int argc, char **argv)
 	 */
 	autologin = -1;
 
-	while((ch = getopt(argc, argv, "78DEKLS:X:abcde:fFk:l:n:rx")) != EOF) {
+	while((ch = getopt(argc, argv,
+			   "78DEKLS:X:abcde:fFk:l:n:rxG")) != -1) {
 		switch(ch) {
 		case '8':
 			eight = 3;	/* binary output and input */
@@ -202,7 +226,8 @@ main(int argc, char **argv)
 			break;
 		case 'f':
 #if defined(AUTHENTICATION) && defined(KRB5) && defined(FORWARD)
-			if (forward_flags & OPTS_FORWARD_CREDS) {
+			if ((forward_flags & OPTS_FORWARD_CREDS) &&
+			    !default_forward) {
 			    fprintf(stderr,
 				    "%s: Only one of -f and -F allowed.\n",
 				    prompt);
@@ -217,7 +242,8 @@ main(int argc, char **argv)
 			break;
 		case 'F':
 #if defined(AUTHENTICATION) && defined(KRB5) && defined(FORWARD)
-			if (forward_flags & OPTS_FORWARD_CREDS) {
+			if ((forward_flags & OPTS_FORWARD_CREDS) &&
+			    !default_forward) {
 			    fprintf(stderr,
 				    "%s: Only one of -f and -F allowed.\n",
 				    prompt);
@@ -237,7 +263,7 @@ main(int argc, char **argv)
 			extern char *dest_realm, dst_realm_buf[];
 			extern int dst_realm_sz;
 			dest_realm = dst_realm_buf;
-			strcpy_truncate(dest_realm, optarg, dst_realm_sz);
+			strlcpy(dest_realm, optarg, dst_realm_sz);
 		    }
 #else
 			fprintf(stderr,
@@ -269,6 +295,17 @@ main(int argc, char **argv)
 								prompt);
 #endif
 			break;
+		case 'G':
+#if defined(AUTHENTICATION) && defined(KRB5) && defined(FORWARD)
+                        forward_flags ^= OPTS_FORWARD_CREDS;
+                        forward_flags ^= OPTS_FORWARDABLE_CREDS;
+#else
+                        fprintf(stderr,
+                         "%s: Warning: -G ignored, no Kerberos V5 support.\n",
+                                prompt);
+#endif
+                        break;
+
 		case '?':
 		default:
 			usage();
diff --git a/crypto/kerberosIV/appl/telnet/telnet/network.c b/crypto/kerberosIV/appl/telnet/telnet/network.c
index faacc302b59b..42ca388b1777 100644
--- a/crypto/kerberosIV/appl/telnet/telnet/network.c
+++ b/crypto/kerberosIV/appl/telnet/telnet/network.c
@@ -33,7 +33,7 @@
 
 #include "telnet_locl.h"
 
-RCSID("$Id: network.c,v 1.10 1997/05/04 04:01:08 assar Exp $");
+RCSID("$Id: network.c,v 1.10.28.1 2000/10/10 13:08:27 assar Exp $");
 
 Ring		netoring, netiring;
 unsigned char	netobuf[2*BUFSIZ], netibuf[BUFSIZ];
@@ -69,6 +69,8 @@ stilloob(void)
 
     do {
 	FD_ZERO(&excepts);
+	if (net >= FD_SETSIZE)
+	    errx (1, "fd too large");
 	FD_SET(net, &excepts);
 	value = select(net+1, 0, 0, &excepts, &timeout);
     } while ((value == -1) && (errno == EINTR));
diff --git a/crypto/kerberosIV/appl/telnet/telnet/sys_bsd.c b/crypto/kerberosIV/appl/telnet/telnet/sys_bsd.c
index 334ef0450fbd..6bff63800261 100644
--- a/crypto/kerberosIV/appl/telnet/telnet/sys_bsd.c
+++ b/crypto/kerberosIV/appl/telnet/telnet/sys_bsd.c
@@ -33,7 +33,7 @@
 
 #include "telnet_locl.h"
 
-RCSID("$Id: sys_bsd.c,v 1.23 1998/06/09 19:24:46 joda Exp $");
+RCSID("$Id: sys_bsd.c,v 1.23.18.2 2000/10/19 21:21:21 assar Exp $");
 
 /*
  * The following routines try to encapsulate what is system dependent
@@ -774,6 +774,11 @@ process_rings(int netin,
     int returnValue = 0;
     static struct timeval TimeValue = { 0 };
 
+    if (net >= FD_SETSIZE
+	|| tout >= FD_SETSIZE
+	|| tin >= FD_SETSIZE)
+	errx (1, "fd too large");
+
     if (netout) {
 	FD_SET(net, &obits);
     }
@@ -791,7 +796,7 @@ process_rings(int netin,
 	FD_SET(net, &xbits);
     }
 #endif
-    if ((c = select(16, &ibits, &obits, &xbits,
+    if ((c = select(FD_SETSIZE, &ibits, &obits, &xbits,
 			(poll == 0)? (struct timeval *)0 : &TimeValue)) < 0) {
 	if (c == -1) {
 		    /*
diff --git a/crypto/kerberosIV/appl/telnet/telnet/telnet_locl.h b/crypto/kerberosIV/appl/telnet/telnet/telnet_locl.h
index b4a378212571..0c883d611bed 100644
--- a/crypto/kerberosIV/appl/telnet/telnet/telnet_locl.h
+++ b/crypto/kerberosIV/appl/telnet/telnet/telnet_locl.h
@@ -14,12 +14,7 @@
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
  * 
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *      This product includes software developed by the Kungliga Tekniska
- *      Högskolan and its contributors.
- * 
- * 4. Neither the name of the Institute nor the names of its contributors
+ * 3. Neither the name of the Institute nor the names of its contributors
  *    may be used to endorse or promote products derived from this software
  *    without specific prior written permission.
  * 
@@ -36,7 +31,7 @@
  * SUCH DAMAGE.
  */
 
-/* $Id: telnet_locl.h,v 1.16.8.1 1999/07/22 03:22:52 assar Exp $ */
+/* $Id: telnet_locl.h,v 1.18 1999/12/02 16:58:34 joda Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
diff --git a/crypto/kerberosIV/appl/telnet/telnet/utilities.c b/crypto/kerberosIV/appl/telnet/telnet/utilities.c
index 5d677cf26b75..ab281a5bf64e 100644
--- a/crypto/kerberosIV/appl/telnet/telnet/utilities.c
+++ b/crypto/kerberosIV/appl/telnet/telnet/utilities.c
@@ -37,7 +37,7 @@
 
 #include "telnet_locl.h"
 
-RCSID("$Id: utilities.c,v 1.21 1998/06/09 19:24:47 joda Exp $");
+RCSID("$Id: utilities.c,v 1.22.2.1 2000/10/10 13:10:27 assar Exp $");
 
 FILE	*NetTrace = 0;		/* Not in bss, since needs to stay */
 int	prettydump;
@@ -82,13 +82,13 @@ SetNetTrace(char *file)
     if (file  && (strcmp(file, "-") != 0)) {
 	NetTrace = fopen(file, "w");
 	if (NetTrace) {
-	    strcpy_truncate(NetTraceFile, file, sizeof(NetTraceFile));
+	    strlcpy(NetTraceFile, file, sizeof(NetTraceFile));
 	    return;
 	}
 	fprintf(stderr, "Cannot open %s.\n", file);
     }
     NetTrace = stdout;
-    strcpy_truncate(NetTraceFile, "(standard output)", sizeof(NetTraceFile));
+    strlcpy(NetTraceFile, "(standard output)", sizeof(NetTraceFile));
 }
 
 void
@@ -817,6 +817,9 @@ EmptyTerminal(void)
 
     FD_ZERO(&outs);
 
+    if (tout >= FD_SETSIZE)
+	ExitString("fd too large", 1);
+
     if (TTYBYTES() == 0) {
 	FD_SET(tout, &outs);
 	select(tout+1, 0, &outs, 0,
diff --git a/crypto/kerberosIV/appl/telnet/telnetd/authenc.c b/crypto/kerberosIV/appl/telnet/telnetd/authenc.c
index 2a95127ee6a1..ec5f2dcc1de5 100644
--- a/crypto/kerberosIV/appl/telnet/telnetd/authenc.c
+++ b/crypto/kerberosIV/appl/telnet/telnetd/authenc.c
@@ -33,7 +33,7 @@
 
 #include "telnetd.h"
 
-RCSID("$Id: authenc.c,v 1.8 1998/07/09 23:16:37 assar Exp $");
+RCSID("$Id: authenc.c,v 1.9 1999/09/05 19:14:50 assar Exp $");
 
 #ifdef AUTHENTICATION
 
@@ -63,8 +63,7 @@ net_encrypt(void)
 int
 telnet_spin(void)
 {
-    ttloop();
-    return(0);
+    return ttloop();
 }
 
 char *
diff --git a/crypto/kerberosIV/appl/telnet/telnetd/ext.h b/crypto/kerberosIV/appl/telnet/telnetd/ext.h
index 83b7166a7185..8f5edf17929b 100644
--- a/crypto/kerberosIV/appl/telnet/telnetd/ext.h
+++ b/crypto/kerberosIV/appl/telnet/telnetd/ext.h
@@ -33,7 +33,7 @@
  *	@(#)ext.h	8.2 (Berkeley) 12/15/93
  */
 
-/* $Id: ext.h,v 1.17 1998/07/09 23:16:38 assar Exp $ */
+/* $Id: ext.h,v 1.19 1999/09/05 19:15:21 assar Exp $ */
 
 #ifndef __EXT_H__
 #define __EXT_H__
@@ -121,11 +121,9 @@ void init_env (void);
 void start_login (char *host, int autologin, char *name);
 void cleanup (int sig);
 int main (int argc, char **argv);
-void usage (void);
 int getterminaltype (char *name, size_t);
 void _gettermname (void);
 int terminaltypeok (char *s);
-void doit (struct sockaddr_in *who);
 void my_telnet (int f, int p, char*, int, char*);
 void interrupt (void);
 void sendbrk (void);
@@ -134,7 +132,7 @@ void recv_ayt (void);
 void doeof (void);
 void flowstat (void);
 void clientstat (int code, int parm1, int parm2);
-void ttloop (void);
+int ttloop (void);
 int stilloob (int s);
 void ptyflush (void);
 char *nextitem (char *current);
diff --git a/crypto/kerberosIV/appl/telnet/telnetd/sys_term.c b/crypto/kerberosIV/appl/telnet/telnetd/sys_term.c
index 09753c0cbcb9..2477c42fd1d8 100644
--- a/crypto/kerberosIV/appl/telnet/telnetd/sys_term.c
+++ b/crypto/kerberosIV/appl/telnet/telnetd/sys_term.c
@@ -33,7 +33,7 @@
 
 #include "telnetd.h"
 
-RCSID("$Id: sys_term.c,v 1.85.2.1 1999/07/22 03:23:19 assar Exp $");
+RCSID("$Id: sys_term.c,v 1.89.2.6 2000/12/08 23:34:05 assar Exp $");
 
 #if defined(_CRAY) || (defined(__hpux) && !defined(HAVE_UTMPX_H))
 # define PARENT_DOES_UTMP
@@ -388,7 +388,7 @@ int getpty(int *ptynum)
     p = _getpty(&master, O_RDWR, 0600, 1);
     if(p == NULL)
 	return -1;
-    strcpy_truncate(line, p, sizeof(Xline));
+    strlcpy(line, p, sizeof(Xline));
     return master;
 #else
 
@@ -420,7 +420,7 @@ int getpty(int *ptynum)
 #ifdef HAVE_UNLOCKPT
 	    unlockpt(p);
 #endif
-	    strcpy_truncate(line, ptsname(p), sizeof(Xline));
+	    strlcpy(line, ptsname(p), sizeof(Xline));
 	    really_stream = 1;
 	    return p;
 	}
@@ -1154,7 +1154,7 @@ startslave(char *host, int autologin, char *autoname)
 	/*
 	 * Create utmp entry for child
 	 */
-	time(&wtmp.ut_time);
+	wtmp.ut_time = time(NULL);
 	wtmp.ut_type = LOGIN_PROCESS;
 	wtmp.ut_pid = pid;
 	strncpy(wtmp.ut_user,  "LOGIN", sizeof(wtmp.ut_user));
@@ -1205,26 +1205,50 @@ init_env(void)
 /*
  * scrub_env()
  *
- * Remove variables from the environment that might cause login to
- * behave in a bad manner. To avoid this, login should be staticly
- * linked.
+ * We only accept the environment variables listed below.
  */
 
-static void scrub_env(void)
+static void
+scrub_env(void)
 {
-    static char *remove[] = { "LD_", "_RLD_", "LIBPATH=", "IFS=", NULL };
+    static const char *reject[] = {
+	"TERMCAP=/",
+	NULL
+    };
+
+    static const char *accept[] = {
+	"XAUTH=", "XAUTHORITY=", "DISPLAY=",
+	"TERM=",
+	"EDITOR=",
+	"PAGER=",
+	"PRINTER=",
+	"LOGNAME=",
+	"POSIXLY_CORRECT=",
+	"TERMCAP=",
+	NULL
+    };
 
     char **cpp, **cpp2;
-    char **p;
+    const char **p;
   
     for (cpp2 = cpp = environ; *cpp; cpp++) {
-	for(p = remove; *p; p++)
+	int reject_it = 0;
+
+	for(p = reject; *p; p++)
+	    if(strncmp(*cpp, *p, strlen(*p)) == 0) {
+		reject_it = 1;
+		break;
+	    }
+	if (reject_it)
+	    continue;
+
+	for(p = accept; *p; p++)
 	    if(strncmp(*cpp, *p, strlen(*p)) == 0)
 		break;
-	if(*p == NULL)
+	if(*p != NULL)
 	    *cpp2++ = *cpp;
     }
-    *cpp2 = 0;
+    *cpp2 = NULL;
 }
 
 
@@ -1376,7 +1400,7 @@ static int addarg(struct arg_val *argv, char *val)
 static void
 rmut(void)
 {
-    struct utmpx *utxp, utmpx;
+    struct utmpx utmpx, *non_save_utxp;
     char *clean_tty = clean_ttyname(line);
 
     /*
@@ -1387,8 +1411,14 @@ rmut(void)
     memset(&utmpx, 0, sizeof(utmpx));
     strncpy(utmpx.ut_line, clean_tty, sizeof(utmpx.ut_line));
     utmpx.ut_type = LOGIN_PROCESS;
-    utxp = getutxline(&utmpx);
-    if (utxp) {
+    non_save_utxp = getutxline(&utmpx);
+    if (non_save_utxp) {
+	struct utmpx *utxp;
+	char user0;
+
+	utxp = malloc(sizeof(struct utmpx));
+	*utxp = *non_save_utxp;
+	user0 = utxp->ut_user[0];
 	utxp->ut_user[0] = '\0';
 	utxp->ut_type = DEAD_PROCESS;
 #ifdef HAVE_STRUCT_UTMPX_UT_EXIT
@@ -1406,6 +1436,7 @@ rmut(void)
 	gettimeofday(&utxp->ut_tv, NULL);
 	pututxline(utxp);
 #ifdef WTMPX_FILE
+	utxp->ut_user[0] = user0;
 	updwtmpx(WTMPX_FILE, utxp);
 #elif defined(WTMP_FILE)
 	/* This is a strange system with a utmpx and a wtmp! */
@@ -1418,14 +1449,13 @@ rmut(void)
 #ifdef HAVE_STRUCT_UTMP_UT_HOST
 	    strncpy(wtmp.ut_host,  "", sizeof(wtmp.ut_host));
 #endif
-	    time(&wtmp.ut_time);
+	    wtmp.ut_time = time(NULL);
 	    write(f, &wtmp, sizeof(wtmp));
 	    close(f);
 	  }
 	}
-#else
-
 #endif
+	free (utxp);
     }
     endutxent();
 }  /* end of rmut */
@@ -1463,7 +1493,7 @@ rmut(void)
 #ifdef HAVE_STRUCT_UTMP_UT_HOST
 		strncpy(u->ut_host,  "", sizeof(u->ut_host));
 #endif
-		time(&u->ut_time);
+		u->ut_time = time(NULL);
 		write(f, u, sizeof(wtmp));
 		found++;
 	    }
@@ -1478,7 +1508,7 @@ rmut(void)
 #ifdef HAVE_STRUCT_UTMP_UT_HOST
 	    strncpy(wtmp.ut_host,  "", sizeof(wtmp.ut_host));
 #endif
-	    time(&wtmp.ut_time);
+	    wtmp.ut_time = time(NULL);
 	    write(f, &wtmp, sizeof(wtmp));
 	    close(f);
 	}
diff --git a/crypto/kerberosIV/appl/telnet/telnetd/telnetd.c b/crypto/kerberosIV/appl/telnet/telnetd/telnetd.c
index 73008a3d24be..0c2750e11fb3 100644
--- a/crypto/kerberosIV/appl/telnet/telnetd/telnetd.c
+++ b/crypto/kerberosIV/appl/telnet/telnetd/telnetd.c
@@ -33,7 +33,7 @@
 
 #include "telnetd.h"
 
-RCSID("$Id: telnetd.c,v 1.53 1999/03/15 16:40:52 joda Exp $");
+RCSID("$Id: telnetd.c,v 1.58.2.1 2000/10/10 13:12:08 assar Exp $");
 
 #ifdef _SC_CRAY_SECURE_SYS
 #include <sys/sysv.h>
@@ -117,7 +117,7 @@ int debug = 0;
 int keepalive = 1;
 char *progname;
 
-extern void usage (void);
+static void usage (void);
 
 /*
  * The string to pass to getopt().  We do it this way so
@@ -136,12 +136,14 @@ char valid_opts[] = "Bd:hklnS:u:UL:y"
 #endif
 		    ;
 
-void doit(struct sockaddr_in*);
+static void doit(struct sockaddr*, int);
 
-int main(int argc, char **argv)
+int
+main(int argc, char **argv)
 {
-    struct sockaddr_in from;
-    int on = 1, fromlen;
+    struct sockaddr_storage __ss;
+    struct sockaddr *sa = (struct sockaddr *)&__ss;
+    int on = 1, sa_size;
     int ch;
 #if	defined(IPPROTO_IP) && defined(IP_TOS)
     int tos = -1;
@@ -167,7 +169,7 @@ int main(int argc, char **argv)
     highpty = getnpty();
 #endif /* CRAY */
 
-    while ((ch = getopt(argc, argv, valid_opts)) != EOF) {
+    while ((ch = getopt(argc, argv, valid_opts)) != -1) {
 	switch(ch) {
 
 #ifdef	AUTHENTICATION
@@ -406,14 +408,14 @@ int main(int argc, char **argv)
 #endif	/* _SC_CRAY_SECURE_SYS */
 
     roken_openlog("telnetd", LOG_PID | LOG_ODELAY, LOG_DAEMON);
-    fromlen = sizeof (from);
-    if (getpeername(STDIN_FILENO, (struct sockaddr *)&from, &fromlen) < 0) {
+    sa_size = sizeof (__ss);
+    if (getpeername(STDIN_FILENO, sa, &sa_size) < 0) {
 	fprintf(stderr, "%s: ", progname);
 	perror("getpeername");
 	_exit(1);
     }
     if (keepalive &&
-	setsockopt(0, SOL_SOCKET, SO_KEEPALIVE,
+	setsockopt(STDIN_FILENO, SOL_SOCKET, SO_KEEPALIVE,
 		   (void *)&on, sizeof (on)) < 0) {
 	syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
     }
@@ -428,20 +430,21 @@ int main(int argc, char **argv)
 	if (tos < 0)
 	    tos = 020;	/* Low Delay bit */
 	if (tos
-	    && (setsockopt(0, IPPROTO_IP, IP_TOS,
+	    && sa->sa_family == AF_INET
+	    && (setsockopt(STDIN_FILENO, IPPROTO_IP, IP_TOS,
 			   (void *)&tos, sizeof(tos)) < 0)
 	    && (errno != ENOPROTOOPT) )
 	    syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");
     }
 #endif	/* defined(IPPROTO_IP) && defined(IP_TOS) */
-    net = 0;
-    doit(&from);
+    net = STDIN_FILENO;
+    doit(sa, sa_size);
     /* NOTREACHED */
     return 0;
 }  /* end of main */
 
-void
-usage()
+static void
+usage(void)
 {
     fprintf(stderr, "Usage: telnetd");
 #ifdef	AUTHENTICATION
@@ -591,12 +594,12 @@ getterminaltype(char *name, size_t name_sz)
 	 * we have to just go with what we (might) have already gotten.
 	 */
 	if (his_state_is_will(TELOPT_TTYPE) && !terminaltypeok(terminaltype)) {
-	    strcpy_truncate(first, terminaltype, sizeof(first));
+	    strlcpy(first, terminaltype, sizeof(first));
 	    for(;;) {
 		/*
 		 * Save the unknown name, and request the next name.
 		 */
-		strcpy_truncate(last, terminaltype, sizeof(last));
+		strlcpy(last, terminaltype, sizeof(last));
 		_gettermname();
 		if (terminaltypeok(terminaltype))
 		    break;
@@ -656,14 +659,20 @@ char remote_host_name[MaxHostNameLen];
 /*
  * Get a pty, scan input lines.
  */
-void
-doit(struct sockaddr_in *who)
+static void
+doit(struct sockaddr *who, int who_len)
 {
     char *host = NULL;
-    struct hostent *hp;
+    struct hostent *hp = NULL;
     int level;
     int ptynum;
     char user_name[256];
+    int error;
+    char host_addr[256];
+    void *addr;
+    int addr_sz;
+    const char *tmp;
+    int af;
 
     /*
      * Find an available pty to use.
@@ -688,24 +697,52 @@ doit(struct sockaddr_in *who)
     }
 #endif	/* _SC_CRAY_SECURE_SYS */
 
-    /* get name of connected client */
-    hp = roken_gethostbyaddr((const char *)&who->sin_addr,
-		       sizeof (struct in_addr),
-		       who->sin_family);
+    af = who->sa_family;
+    switch (af) {
+    case AF_INET : {
+	struct sockaddr_in *sin = (struct sockaddr_in *)who;
+
+	addr    = &sin->sin_addr;
+	addr_sz = sizeof(sin->sin_addr);
+	break;
+    }
+#ifdef HAVE_IPV6
+    case AF_INET6 : {
+	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)who;
+
+	addr    = &sin6->sin6_addr;
+	addr_sz = sizeof(sin6->sin6_addr);
+	break;
+    }
+#endif
+    default :
+	fatal (net, "Unknown address family\r\n");
+	break;
+    }
+
+    hp = getipnodebyaddr (addr, addr_sz, af, &error);
 
     if (hp == NULL && registerd_host_only) {
 	fatal(net, "Couldn't resolve your address into a host name.\r\n\
 Please contact your net administrator");
-    } else if (hp) {
+    } else if (hp != NULL) {
 	host = hp->h_name;
-    } else {
-	host = inet_ntoa(who->sin_addr);
     }
+
+    tmp = inet_ntop(af, addr, host_addr, sizeof(host_addr));
+    if (tmp == NULL)
+	strlcpy (host_addr, "unknown address", sizeof(host_addr));
+
+    if (host == NULL)
+	host = host_addr;
+
     /*
      * We must make a copy because Kerberos is probably going
      * to also do a gethost* and overwrite the static data...
      */
-    strcpy_truncate(remote_host_name, host, sizeof(remote_host_name));
+    strlcpy(remote_host_name, host, sizeof(remote_host_name));
+    if (hp != NULL)
+	freehostent (hp);
     host = remote_host_name;
 
     /* XXX - should be k_gethostname? */
@@ -725,9 +762,9 @@ Please contact your net administrator");
      * If hostname still doesn't fit utmp, use ipaddr.
      */
     if (strlen(remote_host_name) > abs(utmp_len))
-	strcpy_truncate(remote_host_name,
-		inet_ntoa(who->sin_addr),
-		sizeof(remote_host_name));
+	strlcpy(remote_host_name,
+			host_addr,
+			sizeof(remote_host_name));
 
 #ifdef AUTHENTICATION
     auth_encrypt_init(hostname, host, "TELNETD", 1);
@@ -970,6 +1007,11 @@ my_telnet(int f, int p, char *host, int level, char *autoname)
 	FD_ZERO(&ibits);
 	FD_ZERO(&obits);
 	FD_ZERO(&xbits);
+
+	if (f >= FD_SETSIZE
+	    || p >= FD_SETSIZE)
+	    fatal(net, "fd too large");
+
 	/*
 	 * Never look for input if there's still
 	 * stuff in the corresponding output buffer
diff --git a/crypto/kerberosIV/appl/telnet/telnetd/telnetd.h b/crypto/kerberosIV/appl/telnet/telnetd/telnetd.h
index 5ad5bd8798e3..fdda3d7854cb 100644
--- a/crypto/kerberosIV/appl/telnet/telnetd/telnetd.h
+++ b/crypto/kerberosIV/appl/telnet/telnetd/telnetd.h
@@ -124,10 +124,6 @@
 
 #include "defs.h"
 
-#ifdef HAVE_ARPA_TELNET_H
-#include <arpa/telnet.h>
-#endif
-
 #ifndef _POSIX_VDISABLE
 # ifdef VDISABLE
 #  define _POSIX_VDISABLE VDISABLE
@@ -152,12 +148,16 @@
 #include <sys/utsname.h>
 #endif
 
-#include "ext.h"
-
 #ifdef HAVE_PATHS_H
 #include <paths.h>
 #endif
 
+#ifdef HAVE_ARPA_TELNET_H
+#include <arpa/telnet.h>
+#endif
+
+#include "ext.h"
+
 #ifdef SOCKS
 #include <socks.h>
 /* This doesn't belong here. */
diff --git a/crypto/kerberosIV/appl/telnet/telnetd/utility.c b/crypto/kerberosIV/appl/telnet/telnetd/utility.c
index cfca89a3a607..ff5192e06d4e 100644
--- a/crypto/kerberosIV/appl/telnet/telnetd/utility.c
+++ b/crypto/kerberosIV/appl/telnet/telnetd/utility.c
@@ -34,7 +34,7 @@
 #define PRINTOPTIONS
 #include "telnetd.h"
 
-RCSID("$Id: utility.c,v 1.20 1998/06/13 00:06:56 assar Exp $");
+RCSID("$Id: utility.c,v 1.22.2.1 2000/10/10 13:12:34 assar Exp $");
 
 /*
  * utility functions performing io related tasks
@@ -47,9 +47,11 @@ RCSID("$Id: utility.c,v 1.20 1998/06/13 00:06:56 assar Exp $");
  * data from the network, and pass it through the telnet state
  * machine.  We also flush the pty input buffer (by dropping its data)
  * if it becomes too full.
+ *
+ * return 0 if OK or 1 if interrupted by a signal.
  */
 
-void
+int
 ttloop(void)
 {
     void netflush(void);
@@ -61,10 +63,12 @@ ttloop(void)
 	netflush();
     ncc = read(net, netibuf, sizeof netibuf);
     if (ncc < 0) {
+	if (errno == EINTR)
+	    return 1;
 	syslog(LOG_INFO, "ttloop:  read: %m\n");
 	exit(1);
     } else if (ncc == 0) {
-	syslog(LOG_INFO, "ttloop:  peer died: %m\n");
+	syslog(LOG_INFO, "ttloop:  peer died\n");
 	exit(1);
     }
     DIAG(TD_REPORT, {
@@ -76,6 +80,7 @@ ttloop(void)
 	pfrontp = pbackp = ptyobuf;
 	telrcv();
     }
+    return 0;
 }  /* end of ttloop */
 
 /*
@@ -88,6 +93,9 @@ stilloob(int s)
     fd_set	excepts;
     int value;
 
+    if (s >= FD_SETSIZE)
+	fatal(ourpty, "fd too large");
+
     do {
 	FD_ZERO(&excepts);
 	FD_SET(s, &excepts);
@@ -395,7 +403,7 @@ void edithost(char *pat, char *host)
 	pat++;
     }
     if (*host)
-	strcpy_truncate (res, host,
+	strlcpy (res, host,
 			 sizeof editedhost - (res - editedhost));
     else
 	*res = '\0';
diff --git a/crypto/kerberosIV/cf/krb-find-db.m4 b/crypto/kerberosIV/cf/krb-find-db.m4
index 50800497eb5c..002730c155f1 100644
--- a/crypto/kerberosIV/cf/krb-find-db.m4
+++ b/crypto/kerberosIV/cf/krb-find-db.m4
@@ -1,4 +1,4 @@
-dnl $Id: krb-find-db.m4,v 1.5 1999/05/08 02:24:04 assar Exp $
+dnl $Id: krb-find-db.m4,v 1.5.16.1 2000/08/16 04:11:57 assar Exp $
 dnl
 dnl find a suitable database library
 dnl
@@ -28,6 +28,8 @@ for i in $1; do
 #include <fcntl.h>
 #if defined(HAVE_NDBM_H)
 #include <ndbm.h>
+#elif defined(HAVE_GDBM_NDBM_H)
+#include <gdbm/ndbm.h>
 #elif defined(HAVE_DBM_H)
 #include <dbm.h>
 #elif defined(HAVE_RPCSVC_DBM_H)
diff --git a/crypto/kerberosIV/cf/shared-libs.m4 b/crypto/kerberosIV/cf/shared-libs.m4
index 9fe576ff8b39..283898fd6673 100644
--- a/crypto/kerberosIV/cf/shared-libs.m4
+++ b/crypto/kerberosIV/cf/shared-libs.m4
@@ -1,5 +1,5 @@
 dnl
-dnl $Id: shared-libs.m4,v 1.4 1999/07/13 17:47:09 assar Exp $
+dnl $Id: shared-libs.m4,v 1.4.14.3 2000/12/07 18:03:00 bg Exp $
 dnl
 dnl Shared library stuff has to be different everywhere
 dnl
@@ -65,7 +65,7 @@ case "${host}" in
 	install_symlink_command2='$(LN_S) -f $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so.'"${SHLIB_SONAME}"';$(LN_S) -f $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so'
 	;;
 changequote(,)dnl
-*-*-freebsd[34]*)
+*-*-freebsd[345]* | *-*-freebsdelf[345]*)
 changequote([,])dnl
 	REAL_SHLIBEXT=so.$SHLIB_VERSION
 	REAL_LD_FLAGS='-Wl,-R$(libdir)'
@@ -84,9 +84,14 @@ changequote([,])dnl
 	LDSHARED='ld -shared -expect_unresolved \*'
 	;;
 *-*-solaris2*)
+	LDSHARED='$(CC) -shared -Wl,-h$(LIBNAME).so.'"${SHLIB_SONAME}"
+	REAL_SHLIBEXT=so.$SHLIB_VERSION
+	build_symlink_command='$(LN_S) [$][@] $(LIBNAME).so'
+	install_symlink_command='$(LN_S) $(LIB) $(DESTDIR)$(libdir)/$(LIBNAME).so.'"${SHLIB_SONAME}"';$(LN_S) $(LIB) $(DESTDIR)$(libdir)/$(LIBNAME).so'
+	install_symlink_command2='$(LN_S) $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so.'"${SHLIB_SONAME}"';$(LN_S) $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so'
 	REAL_LD_FLAGS='-Wl,-R$(libdir)'
 	if test -z "$GCC"; then
-		LDSHARED='$(CC) -G'
+		LDSHARED='$(CC) -G -h$(LIBNAME).so.'"${SHLIB_SONAME}"
 		REAL_PICFLAGS="-Kpic"
 	fi
 	;;
diff --git a/crypto/kerberosIV/config.guess b/crypto/kerberosIV/config.guess
index 153490df2888..265ea69c4443 100644
--- a/crypto/kerberosIV/config.guess
+++ b/crypto/kerberosIV/config.guess
@@ -1,7 +1,10 @@
 #! /bin/sh
 # Attempt to guess a canonical system name.
-#   Copyright (C) 1992, 93, 94, 95, 96, 97, 1998 Free Software Foundation, Inc.
-#
+#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000
+#   Free Software Foundation, Inc.
+
+version='2000-09-05'
+
 # This file is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by
 # the Free Software Foundation; either version 2 of the License, or
@@ -22,7 +25,7 @@
 # the same distribution terms that you use for the rest of that program.
 
 # Written by Per Bothner <bothner@cygnus.com>.
-# The master version of this file is at the FSF in /home/gd/gnu/lib.
+# Please send patches to <config-patches@gnu.org>.
 #
 # This script attempts to guess a canonical system name similar to
 # config.sub.  If it succeeds, it prints the system name on stdout, and
@@ -35,6 +38,60 @@
 # (but try to keep the structure clean).
 #
 
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION]
+
+Output the configuration name of this system.
+
+Operation modes:
+  -h, --help               print this help, then exit
+  -V, --version            print version number, then exit"
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+  case "$1" in
+    --version | --vers* | -V )
+       echo "$version" ; exit 0 ;;
+    --help | --h* | -h )
+       echo "$usage"; exit 0 ;;
+    -- )     # Stop option processing
+       shift; break ;;
+    - )	# Use stdin as input.
+       break ;;
+    -* )
+       exec >&2
+       echo "$me: invalid option $1"
+       echo "$help"
+       exit 1 ;;
+    * )
+       break ;;
+  esac
+done
+
+if test $# != 0; then
+  echo "$me: too many arguments$help" >&2
+  exit 1
+fi
+
+# Use $HOST_CC if defined. $CC may point to a cross-compiler
+if test x"$CC_FOR_BUILD" = x; then
+  if test x"$HOST_CC" != x; then
+    CC_FOR_BUILD="$HOST_CC"
+  else
+    if test x"$CC" != x; then
+      CC_FOR_BUILD="$CC"
+    else
+      CC_FOR_BUILD=cc
+    fi
+  fi
+fi
+
+
 # This is needed to find uname on a Pyramid OSx when run in the BSD universe.
 # (ghazi@noc.rutgers.edu 8/24/94.)
 if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
@@ -46,11 +103,49 @@ UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
 UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown
 UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
 
-trap 'rm -f dummy.c dummy.o dummy; exit 1' 1 2 15
+dummy=dummy-$$
+trap 'rm -f $dummy.c $dummy.o $dummy; exit 1' 1 2 15
 
 # Note: order is significant - the case branches are not exclusive.
 
 case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
+    *:NetBSD:*:*)
+	# Netbsd (nbsd) targets should (where applicable) match one or
+	# more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*,
+	# *-*-netbsdecoff* and *-*-netbsd*.  For targets that recently
+	# switched to ELF, *-*-netbsd* would select the old
+	# object file format.  This provides both forward
+	# compatibility and a consistent mechanism for selecting the
+	# object file format.
+	# Determine the machine/vendor (is the vendor relevant).
+	case "${UNAME_MACHINE}" in
+	    amiga) machine=m68k-unknown ;;
+	    arm32) machine=arm-unknown ;;
+	    atari*) machine=m68k-atari ;;
+	    sun3*) machine=m68k-sun ;;
+	    mac68k) machine=m68k-apple ;;
+	    macppc) machine=powerpc-apple ;;
+	    hp3[0-9][05]) machine=m68k-hp ;;
+	    ibmrt|romp-ibm) machine=romp-ibm ;;
+	    *) machine=${UNAME_MACHINE}-unknown ;;
+	esac
+	# The Operating System including object format.
+	if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
+		| grep __ELF__ >/dev/null
+	then
+	    # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
+	    # Return netbsd for either.  FIX?
+	    os=netbsd
+	else
+	    os=netbsdelf
+	fi
+	# The OS release
+	release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
+	# Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
+	# contains redundant information, the shorter form:
+	# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
+	echo "${machine}-${os}${release}"
+	exit 0 ;;
     alpha:OSF1:*:*)
 	if test $UNAME_RELEASE = "V4.0"; then
 		UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
@@ -59,59 +154,75 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
 	# A Tn.n version is a released field test version.
 	# A Xn.n version is an unreleased experimental baselevel.
 	# 1.2 uses "1.2" for uname -r.
-	cat <<EOF >dummy.s
+	cat <<EOF >$dummy.s
+	.data
+\$Lformat:
+	.byte 37,100,45,37,120,10,0	# "%d-%x\n"
+
+	.text
 	.globl main
+	.align 4
 	.ent main
 main:
-	.frame \$30,0,\$26,0
-	.prologue 0
-	.long 0x47e03d80 # implver $0
-	lda \$2,259
-	.long 0x47e20c21 # amask $2,$1
-	srl \$1,8,\$2
-	sll \$2,2,\$2
-	sll \$0,3,\$0
-	addl \$1,\$0,\$0
-	addl \$2,\$0,\$0
-	ret \$31,(\$26),1
+	.frame \$30,16,\$26,0
+	ldgp \$29,0(\$27)
+	.prologue 1
+	.long 0x47e03d80 # implver \$0
+	lda \$2,-1
+	.long 0x47e20c21 # amask \$2,\$1
+	lda \$16,\$Lformat
+	mov \$0,\$17
+	not \$1,\$18
+	jsr \$26,printf
+	ldgp \$29,0(\$26)
+	mov 0,\$16
+	jsr \$26,exit
 	.end main
 EOF
-	${CC-cc} dummy.s -o dummy 2>/dev/null
+	$CC_FOR_BUILD $dummy.s -o $dummy 2>/dev/null
 	if test "$?" = 0 ; then
-		./dummy
-		case "$?" in
-			7)
+		case `./$dummy` in
+			0-0)
 				UNAME_MACHINE="alpha"
 				;;
-			15)
+			1-0)
 				UNAME_MACHINE="alphaev5"
 				;;
-			14)
+			1-1)
 				UNAME_MACHINE="alphaev56"
 				;;
-			10)
+			1-101)
 				UNAME_MACHINE="alphapca56"
 				;;
-			16)
+			2-303)
 				UNAME_MACHINE="alphaev6"
 				;;
+			2-307)
+				UNAME_MACHINE="alphaev67"
+				;;
 		esac
 	fi
-	rm -f dummy.s dummy
-	echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr [[A-Z]] [[a-z]]`
+	rm -f $dummy.s $dummy
+	echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+	exit 0 ;;
+    Alpha\ *:Windows_NT*:*)
+	# How do we know it's Interix rather than the generic POSIX subsystem?
+	# Should we change UNAME_MACHINE based on the output of uname instead
+	# of the specific Alpha model?
+	echo alpha-pc-interix
 	exit 0 ;;
     21064:Windows_NT:50:3)
 	echo alpha-dec-winnt3.5
 	exit 0 ;;
     Amiga*:UNIX_System_V:4.0:*)
-	echo m68k-cbm-sysv4
+	echo m68k-unknown-sysv4
 	exit 0;;
-    amiga:NetBSD:*:*)
-      echo m68k-cbm-netbsd${UNAME_RELEASE}
-      exit 0 ;;
     amiga:OpenBSD:*:*)
 	echo m68k-unknown-openbsd${UNAME_RELEASE}
 	exit 0 ;;
+    *:[Aa]miga[Oo][Ss]:*:*)
+	echo ${UNAME_MACHINE}-unknown-amigaos
+	exit 0 ;;
     arc64:OpenBSD:*:*)
 	echo mips64el-unknown-openbsd${UNAME_RELEASE}
 	exit 0 ;;
@@ -130,16 +241,16 @@ EOF
     wgrisc:OpenBSD:*:*)
 	echo mipsel-unknown-openbsd${UNAME_RELEASE}
 	exit 0 ;;
+    *:OS/390:*:*)
+	echo i370-ibm-openedition
+	exit 0 ;;
     arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
 	echo arm-acorn-riscix${UNAME_RELEASE}
 	exit 0;;
-    arm32:NetBSD:*:*)
-	echo arm-unknown-netbsd`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
-	exit 0 ;;
     SR2?01:HI-UX/MPP:*:*)
 	echo hppa1.1-hitachi-hiuxmpp
 	exit 0;;
-    Pyramid*:OSx*:*:*|MIS*:OSx*:*:*)
+    Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
 	# akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
 	if test "`(/bin/universe) 2>/dev/null`" = att ; then
 		echo pyramid-pyramid-sysv3
@@ -147,9 +258,12 @@ EOF
 		echo pyramid-pyramid-bsd
 	fi
 	exit 0 ;;
-    NILE:*:*:dcosx)
+    NILE*:*:*:dcosx)
 	echo pyramid-pyramid-svr4
 	exit 0 ;;
+    sun4H:SunOS:5.*:*)
+	echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit 0 ;;
     sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
 	echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
 	exit 0 ;;
@@ -189,21 +303,38 @@ EOF
     aushp:SunOS:*:*)
 	echo sparc-auspex-sunos${UNAME_RELEASE}
 	exit 0 ;;
-    atari*:NetBSD:*:*)
-	echo m68k-atari-netbsd${UNAME_RELEASE}
-	exit 0 ;;
     atari*:OpenBSD:*:*)
 	echo m68k-unknown-openbsd${UNAME_RELEASE}
 	exit 0 ;;
-    sun3*:NetBSD:*:*)
-	echo m68k-sun-netbsd${UNAME_RELEASE}
+    # The situation for MiNT is a little confusing.  The machine name
+    # can be virtually everything (everything which is not
+    # "atarist" or "atariste" at least should have a processor 
+    # > m68000).  The system name ranges from "MiNT" over "FreeMiNT"
+    # to the lowercase version "mint" (or "freemint").  Finally
+    # the system name "TOS" denotes a system which is actually not
+    # MiNT.  But MiNT is downward compatible to TOS, so this should
+    # be no problem.
+    atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
+        echo m68k-atari-mint${UNAME_RELEASE}
+	exit 0 ;;
+    atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
+	echo m68k-atari-mint${UNAME_RELEASE}
+        exit 0 ;;
+    *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
+        echo m68k-atari-mint${UNAME_RELEASE}
 	exit 0 ;;
+    milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
+        echo m68k-milan-mint${UNAME_RELEASE}
+        exit 0 ;;
+    hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
+        echo m68k-hades-mint${UNAME_RELEASE}
+        exit 0 ;;
+    *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
+        echo m68k-unknown-mint${UNAME_RELEASE}
+        exit 0 ;;
     sun3*:OpenBSD:*:*)
 	echo m68k-unknown-openbsd${UNAME_RELEASE}
 	exit 0 ;;
-    mac68k:NetBSD:*:*)
-	echo m68k-apple-netbsd${UNAME_RELEASE}
-	exit 0 ;;
     mac68k:OpenBSD:*:*)
 	echo m68k-unknown-openbsd${UNAME_RELEASE}
 	exit 0 ;;
@@ -216,9 +347,6 @@ EOF
     powerpc:machten:*:*)
 	echo powerpc-apple-machten${UNAME_RELEASE}
 	exit 0 ;;
-    Power\ Macintosh:Rhapsody:*:*)
-	echo powerpc-apple-rhapsody${UNAME_RELEASE}
-        exit 0 ;;
     RISC*:Mach:*:*)
 	echo mips-dec-mach_bsd4.3
 	exit 0 ;;
@@ -228,12 +356,17 @@ EOF
     VAX*:ULTRIX*:*:*)
 	echo vax-dec-ultrix${UNAME_RELEASE}
 	exit 0 ;;
-    2020:CLIX:*:*)
+    2020:CLIX:*:* | 2430:CLIX:*:*)
 	echo clipper-intergraph-clix${UNAME_RELEASE}
 	exit 0 ;;
     mips:*:*:UMIPS | mips:*:*:RISCos)
-	sed 's/^	//' << EOF >dummy.c
-	int main (argc, argv) int argc; char **argv; {
+	sed 's/^	//' << EOF >$dummy.c
+#ifdef __cplusplus
+#include <stdio.h>  /* for printf() prototype */
+	int main (int argc, char *argv[]) {
+#else
+	int main (argc, argv) int argc; char *argv[]; {
+#endif
 	#if defined (host_mips) && defined (MIPSEB)
 	#if defined (SYSTYPE_SYSV)
 	  printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0);
@@ -248,10 +381,10 @@ EOF
 	  exit (-1);
 	}
 EOF
-	${CC-cc} dummy.c -o dummy \
-	  && ./dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \
-	  && rm dummy.c dummy && exit 0
-	rm -f dummy.c dummy
+	$CC_FOR_BUILD $dummy.c -o $dummy \
+	  && ./$dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \
+	  && rm $dummy.c $dummy && exit 0
+	rm -f $dummy.c $dummy
 	echo mips-mips-riscos${UNAME_RELEASE}
 	exit 0 ;;
     Night_Hawk:Power_UNIX:*:*)
@@ -269,15 +402,18 @@ EOF
     AViiON:dgux:*:*)
         # DG/UX returns AViiON for all architectures
         UNAME_PROCESSOR=`/usr/bin/uname -p`
-        if [ $UNAME_PROCESSOR = mc88100 -o $UNAME_PROCESSOR = mc88110 ] ; then
-	if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx \
-	     -o ${TARGET_BINARY_INTERFACE}x = x ] ; then
+	if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110]
+	then
+	    if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
+	       [ ${TARGET_BINARY_INTERFACE}x = x ]
+	    then
 		echo m88k-dg-dgux${UNAME_RELEASE}
-	else
+	    else
 		echo m88k-dg-dguxbcs${UNAME_RELEASE}
+	    fi
+	else
+	    echo i586-dg-dgux${UNAME_RELEASE}
 	fi
-        else echo i586-dg-dgux${UNAME_RELEASE}
-        fi
  	exit 0 ;;
     M88*:DolphinOS:*:*)	# DolphinOS (SVR3)
 	echo m88k-dolphin-sysv3
@@ -303,7 +439,7 @@ EOF
 	exit 0 ;;
     *:AIX:2:3)
 	if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
-		sed 's/^		//' << EOF >dummy.c
+		sed 's/^		//' << EOF >$dummy.c
 		#include <sys/systemcfg.h>
 
 		main()
@@ -314,8 +450,8 @@ EOF
 			exit(0);
 			}
 EOF
-		${CC-cc} dummy.c -o dummy && ./dummy && rm dummy.c dummy && exit 0
-		rm -f dummy.c dummy
+		$CC_FOR_BUILD $dummy.c -o $dummy && ./$dummy && rm $dummy.c $dummy && exit 0
+		rm -f $dummy.c $dummy
 		echo rs6000-ibm-aix3.2.5
 	elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
 		echo rs6000-ibm-aix3.2.4
@@ -324,7 +460,8 @@ EOF
 	fi
 	exit 0 ;;
     *:AIX:*:4)
-	if /usr/sbin/lsattr -EHl proc0 | grep POWER >/dev/null 2>&1; then
+	IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | head -1 | awk '{ print $1 }'`
+	if /usr/sbin/lsattr -EHl ${IBM_CPU_ID} | grep POWER >/dev/null 2>&1; then
 		IBM_ARCH=rs6000
 	else
 		IBM_ARCH=powerpc
@@ -342,7 +479,7 @@ EOF
     ibmrt:4.4BSD:*|romp-ibm:BSD:*)
 	echo romp-ibm-bsd4.4
 	exit 0 ;;
-    ibmrt:*BSD:*|romp-ibm:BSD:*)            # covers RT/PC NetBSD and
+    ibmrt:*BSD:*|romp-ibm:BSD:*)            # covers RT/PC BSD and
 	echo romp-ibm-bsd${UNAME_RELEASE}   # 4.3 with uname added to
 	exit 0 ;;                           # report: romp-ibm BSD 4.3
     *:BOSX:*:*)
@@ -357,18 +494,52 @@ EOF
     hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
 	echo m68k-hp-bsd4.4
 	exit 0 ;;
-    9000/[3478]??:HP-UX:*:*)
+    9000/[34678]??:HP-UX:*:*)
 	case "${UNAME_MACHINE}" in
 	    9000/31? )            HP_ARCH=m68000 ;;
 	    9000/[34]?? )         HP_ARCH=m68k ;;
-	    9000/7?? | 9000/8?[1679] ) HP_ARCH=hppa1.1 ;;
-	    9000/8?? )            HP_ARCH=hppa1.0 ;;
+	    9000/[678][0-9][0-9])
+              sed 's/^              //' << EOF >$dummy.c
+
+              #define _HPUX_SOURCE
+              #include <stdlib.h>
+              #include <unistd.h>
+
+              int main ()
+              {
+              #if defined(_SC_KERNEL_BITS)
+                  long bits = sysconf(_SC_KERNEL_BITS);
+              #endif
+                  long cpu  = sysconf (_SC_CPU_VERSION);
+
+                  switch (cpu)
+              	{
+              	case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
+              	case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
+              	case CPU_PA_RISC2_0:
+              #if defined(_SC_KERNEL_BITS)
+              	    switch (bits)
+              		{
+              		case 64: puts ("hppa2.0w"); break;
+              		case 32: puts ("hppa2.0n"); break;
+              		default: puts ("hppa2.0"); break;
+              		} break;
+              #else  /* !defined(_SC_KERNEL_BITS) */
+              	    puts ("hppa2.0"); break;
+              #endif
+              	default: puts ("hppa1.0"); break;
+              	}
+                  exit (0);
+              }
+EOF
+	(CCOPTS= $CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null ) && HP_ARCH=`./$dummy`
+	rm -f $dummy.c $dummy
 	esac
 	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
 	echo ${HP_ARCH}-hp-hpux${HPUX_REV}
 	exit 0 ;;
     3050*:HI-UX:*:*)
-	sed 's/^	//' << EOF >dummy.c
+	sed 's/^	//' << EOF >$dummy.c
 	#include <unistd.h>
 	int
 	main ()
@@ -393,8 +564,8 @@ EOF
 	  exit (0);
 	}
 EOF
-	${CC-cc} dummy.c -o dummy && ./dummy && rm dummy.c dummy && exit 0
-	rm -f dummy.c dummy
+	$CC_FOR_BUILD $dummy.c -o $dummy && ./$dummy && rm $dummy.c $dummy && exit 0
+	rm -f $dummy.c $dummy
 	echo unknown-hitachi-hiuxwe2
 	exit 0 ;;
     9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
@@ -403,6 +574,9 @@ EOF
     9000/8??:4.3bsd:*:*)
 	echo hppa1.0-hp-bsd
 	exit 0 ;;
+    *9??*:MPE/iX:*:*)
+	echo hppa1.0-hp-mpeix
+	exit 0 ;;
     hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
 	echo hppa1.1-hp-osf
 	exit 0 ;;
@@ -419,6 +593,9 @@ EOF
     parisc*:Lites*:*:*)
 	echo hppa1.1-hp-lites
 	exit 0 ;;
+    hppa*:OpenBSD:*:*)
+	echo hppa-unknown-openbsd
+	exit 0 ;;
     C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
 	echo c1-convex-bsd
         exit 0 ;;
@@ -449,45 +626,63 @@ EOF
 	      -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/
 	exit 0 ;;
     CRAY*TS:*:*:*)
-	echo t90-cray-unicos${UNAME_RELEASE}
+	echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit 0 ;;
+    CRAY*T3E:*:*:*)
+	echo alpha-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit 0 ;;
+    CRAY*SV1:*:*:*)
+	echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'    
 	exit 0 ;;
     CRAY-2:*:*:*)
 	echo cray2-cray-unicos
         exit 0 ;;
     F300:UNIX_System_V:*:*)
-        FUJITSU_SYS=`uname -p | tr [A-Z] [a-z] | sed -e 's/\///'`
+        FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
         FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
         echo "f300-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
         exit 0 ;;
     F301:UNIX_System_V:*:*)
        echo f301-fujitsu-uxpv`echo $UNAME_RELEASE | sed 's/ .*//'`
        exit 0 ;;
-    hp3[0-9][05]:NetBSD:*:*)
-	echo m68k-hp-netbsd${UNAME_RELEASE}
-	exit 0 ;;
     hp300:OpenBSD:*:*)
 	echo m68k-unknown-openbsd${UNAME_RELEASE}
 	exit 0 ;;
-    i?86:BSD/386:*:* | *:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
+    i?86:BSD/386:*:* | i?86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
 	echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
 	exit 0 ;;
+    sparc*:BSD/OS:*:*)
+	echo sparc-unknown-bsdi${UNAME_RELEASE}
+	exit 0 ;;
+    *:BSD/OS:*:*)
+	echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
+	exit 0 ;;
     *:FreeBSD:*:*)
 	echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
 	exit 0 ;;
-    *:NetBSD:*:*)
-	echo ${UNAME_MACHINE}-unknown-netbsd`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
-	exit 0 ;;
     *:OpenBSD:*:*)
 	echo ${UNAME_MACHINE}-unknown-openbsd`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
 	exit 0 ;;
     i*:CYGWIN*:*)
-	echo ${UNAME_MACHINE}-pc-cygwin32
+	echo ${UNAME_MACHINE}-pc-cygwin
 	exit 0 ;;
     i*:MINGW*:*)
 	echo ${UNAME_MACHINE}-pc-mingw32
 	exit 0 ;;
+    i*:PW*:*)
+	echo ${UNAME_MACHINE}-pc-pw32
+	exit 0 ;;
+    i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
+	# How do we know it's Interix rather than the generic POSIX subsystem?
+	# It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
+	# UNAME_MACHINE based on the output of uname instead of i386?
+	echo i386-pc-interix
+	exit 0 ;;
+    i*:UWIN*:*)
+	echo ${UNAME_MACHINE}-pc-uwin
+	exit 0 ;;
     p*:CYGWIN*:*)
-	echo powerpcle-unknown-cygwin32
+	echo powerpcle-unknown-cygwin
 	exit 0 ;;
     prep*:SunOS:5.*:*)
 	echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
@@ -495,16 +690,15 @@ EOF
     *:GNU:*:*)
 	echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
 	exit 0 ;;
+    i*86:Minix:*:*)
+	echo ${UNAME_MACHINE}-pc-minix
+	exit 0 ;;
     *:Linux:*:*)
-	# uname on the ARM produces all sorts of strangeness, and we need to
-	# filter it out.
-	case "$UNAME_MACHINE" in
-	  arm* | sa110*)	      UNAME_MACHINE="arm" ;;
-	esac
 
 	# The BFD linker knows what the default object file format is, so
-	# first see if it will tell us.
-	ld_help_string=`ld --help 2>&1`
+	# first see if it will tell us. cd to the root directory to prevent
+	# problems with other programs or directories called `ld' in the path.
+	ld_help_string=`cd /; ld --help 2>&1`
 	ld_supported_emulations=`echo $ld_help_string \
 			 | sed -ne '/supported emulations:/!d
 				    s/[ 	][ 	]*/ /g
@@ -512,68 +706,145 @@ EOF
 				    s/ .*//
 				    p'`
         case "$ld_supported_emulations" in
-	  i?86linux)  echo "${UNAME_MACHINE}-pc-linux-gnuaout"      ; exit 0 ;;
-	  i?86coff)   echo "${UNAME_MACHINE}-pc-linux-gnucoff"      ; exit 0 ;;
-	  sparclinux) echo "${UNAME_MACHINE}-unknown-linux-gnuaout" ; exit 0 ;;
-	  armlinux)   echo "${UNAME_MACHINE}-unknown-linux-gnuaout" ; exit 0 ;;
-	  m68klinux)  echo "${UNAME_MACHINE}-unknown-linux-gnuaout" ; exit 0 ;;
-	  elf32ppc)   echo "powerpc-unknown-linux-gnu"              ; exit 0 ;;
+	  *ia64)
+		echo "${UNAME_MACHINE}-unknown-linux"
+		exit 0
+		;;
+	  i?86linux)
+		echo "${UNAME_MACHINE}-pc-linux-gnuaout"
+		exit 0
+		;;
+	  elf_i?86)
+		TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu"
+		;;
+	  i?86coff)
+		echo "${UNAME_MACHINE}-pc-linux-gnucoff"
+		exit 0
+		;;
+	  sparclinux)
+		echo "${UNAME_MACHINE}-unknown-linux-gnuaout"
+		exit 0
+		;;
+	  armlinux)
+		echo "${UNAME_MACHINE}-unknown-linux-gnuaout"
+		exit 0
+		;;
+	  elf32arm*)
+		echo "${UNAME_MACHINE}-unknown-linux-gnuoldld"
+		exit 0
+		;;
+	  armelf_linux*)
+		echo "${UNAME_MACHINE}-unknown-linux-gnu"
+		exit 0
+		;;
+	  m68klinux)
+		echo "${UNAME_MACHINE}-unknown-linux-gnuaout"
+		exit 0
+		;;
+	  elf32ppc | elf32ppclinux)
+		# Determine Lib Version
+		cat >$dummy.c <<EOF
+#include <features.h>
+#if defined(__GLIBC__)
+extern char __libc_version[];
+extern char __libc_release[];
+#endif
+main(argc, argv)
+     int argc;
+     char *argv[];
+{
+#if defined(__GLIBC__)
+  printf("%s %s\n", __libc_version, __libc_release);
+#else
+  printf("unkown\n");
+#endif
+  return 0;
+}
+EOF
+		LIBC=""
+		$CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null
+		if test "$?" = 0 ; then
+			./$dummy | grep 1\.99 > /dev/null
+			if test "$?" = 0 ; then
+				LIBC="libc1"
+			fi
+		fi	
+		rm -f $dummy.c $dummy
+		echo powerpc-unknown-linux-gnu${LIBC}
+		exit 0
+		;;
+	  shelf_linux)
+		echo "${UNAME_MACHINE}-unknown-linux-gnu"
+		exit 0
+		;;
 	esac
 
 	if test "${UNAME_MACHINE}" = "alpha" ; then
-		sed 's/^	//'  <<EOF >dummy.s
-		.globl main
-		.ent main
-	main:
-		.frame \$30,0,\$26,0
-		.prologue 0
-		.long 0x47e03d80 # implver $0
-		lda \$2,259
-		.long 0x47e20c21 # amask $2,$1
-		srl \$1,8,\$2
-		sll \$2,2,\$2
-		sll \$0,3,\$0
-		addl \$1,\$0,\$0
-		addl \$2,\$0,\$0
-		ret \$31,(\$26),1
-		.end main
+		cat <<EOF >$dummy.s
+			.data
+		\$Lformat:
+			.byte 37,100,45,37,120,10,0	# "%d-%x\n"
+
+			.text
+			.globl main
+			.align 4
+			.ent main
+		main:
+			.frame \$30,16,\$26,0
+			ldgp \$29,0(\$27)
+			.prologue 1
+			.long 0x47e03d80 # implver \$0
+			lda \$2,-1
+			.long 0x47e20c21 # amask \$2,\$1
+			lda \$16,\$Lformat
+			mov \$0,\$17
+			not \$1,\$18
+			jsr \$26,printf
+			ldgp \$29,0(\$26)
+			mov 0,\$16
+			jsr \$26,exit
+			.end main
 EOF
 		LIBC=""
-		${CC-cc} dummy.s -o dummy 2>/dev/null
+		$CC_FOR_BUILD $dummy.s -o $dummy 2>/dev/null
 		if test "$?" = 0 ; then
-			./dummy
-			case "$?" in
-			7)
+			case `./$dummy` in
+			0-0)
 				UNAME_MACHINE="alpha"
 				;;
-			15)
+			1-0)
 				UNAME_MACHINE="alphaev5"
 				;;
-			14)
+			1-1)
 				UNAME_MACHINE="alphaev56"
 				;;
-			10)
+			1-101)
 				UNAME_MACHINE="alphapca56"
 				;;
-			16)
+			2-303)
 				UNAME_MACHINE="alphaev6"
 				;;
-			esac	
+			2-307)
+				UNAME_MACHINE="alphaev67"
+				;;
+			esac
 
-			objdump --private-headers dummy | \
+			objdump --private-headers $dummy | \
 			  grep ld.so.1 > /dev/null
 			if test "$?" = 0 ; then
 				LIBC="libc1"
 			fi
-		fi	
-		rm -f dummy.s dummy
+		fi
+		rm -f $dummy.s $dummy
 		echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} ; exit 0
 	elif test "${UNAME_MACHINE}" = "mips" ; then
-	  cat >dummy.c <<EOF
-main(argc, argv)
-     int argc;
-     char *argv[];
-{
+	  cat >$dummy.c <<EOF
+#ifdef __cplusplus
+#include <stdio.h>  /* for printf() prototype */
+	int main (int argc, char *argv[]) {
+#else
+	int main (argc, argv) int argc; char *argv[]; {
+#endif
 #ifdef __MIPSEB__
   printf ("%s-unknown-linux-gnu\n", argv[1]);
 #endif
@@ -583,8 +854,12 @@ main(argc, argv)
   return 0;
 }
 EOF
-	  ${CC-cc} dummy.c -o dummy 2>/dev/null && ./dummy "${UNAME_MACHINE}" && rm dummy.c dummy && exit 0
-	  rm -f dummy.c dummy
+	  $CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null && ./$dummy "${UNAME_MACHINE}" && rm $dummy.c $dummy && exit 0
+	  rm -f $dummy.c $dummy
+	elif test "${UNAME_MACHINE}" = "s390"; then
+	  echo s390-ibm-linux && exit 0
+	elif test "${UNAME_MACHINE}" = "x86_64"; then
+	  echo x86_64-unknown-linux-gnu && exit 0
 	else
 	  # Either a pre-BFD a.out linker (linux-gnuoldld)
 	  # or one that does not give us useful --help.
@@ -603,12 +878,14 @@ EOF
 	    ;;
 	  esac
 	  # Determine whether the default compiler is a.out or elf
-	  cat >dummy.c <<EOF
+	  cat >$dummy.c <<EOF
 #include <features.h>
-main(argc, argv)
-     int argc;
-     char *argv[];
-{
+#ifdef __cplusplus
+#include <stdio.h>  /* for printf() prototype */
+	int main (int argc, char *argv[]) {
+#else
+	int main (argc, argv) int argc; char *argv[]; {
+#endif
 #ifdef __ELF__
 # ifdef __GLIBC__
 #  if __GLIBC__ >= 2
@@ -625,8 +902,9 @@ main(argc, argv)
   return 0;
 }
 EOF
-	  ${CC-cc} dummy.c -o dummy 2>/dev/null && ./dummy "${UNAME_MACHINE}" && rm dummy.c dummy && exit 0
-	  rm -f dummy.c dummy
+	  $CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null && ./$dummy "${UNAME_MACHINE}" && rm $dummy.c $dummy && exit 0
+	  rm -f $dummy.c $dummy
+	  test x"${TENTATIVE}" != x && echo "${TENTATIVE}" && exit 0
 	fi ;;
 # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.  earlier versions
 # are messed up and put the nodename in both sysname and nodename.
@@ -642,10 +920,20 @@ EOF
 	echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
 	exit 0 ;;
     i?86:*:4.*:* | i?86:SYSTEM_V:4.*:*)
+	UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
 	if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
-		echo ${UNAME_MACHINE}-univel-sysv${UNAME_RELEASE}
+		echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL}
 	else
-		echo ${UNAME_MACHINE}-pc-sysv${UNAME_RELEASE}
+		echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
+	fi
+	exit 0 ;;
+    i?86:*:5:7*)
+        # Fixed at (any) Pentium or better
+        UNAME_MACHINE=i586
+        if [ ${UNAME_SYSTEM} = "UnixWare" ] ; then
+	    echo ${UNAME_MACHINE}-sco-sysv${UNAME_RELEASE}uw${UNAME_VERSION}
+	else
+	    echo ${UNAME_MACHINE}-pc-sysv${UNAME_RELEASE}
 	fi
 	exit 0 ;;
     i?86:*:3.2:*)
@@ -657,12 +945,20 @@ EOF
 		(/bin/uname -X|egrep i80486 >/dev/null) && UNAME_MACHINE=i486
 		(/bin/uname -X|egrep '^Machine.*Pentium' >/dev/null) \
 			&& UNAME_MACHINE=i586
+		(/bin/uname -X|egrep '^Machine.*Pent ?II' >/dev/null) \
+			&& UNAME_MACHINE=i686
+		(/bin/uname -X|egrep '^Machine.*Pentium Pro' >/dev/null) \
+			&& UNAME_MACHINE=i686
 		echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
 	else
 		echo ${UNAME_MACHINE}-pc-sysv32
 	fi
 	exit 0 ;;
+    i?86:*DOS:*:*)
+	echo ${UNAME_MACHINE}-pc-msdosdjgpp
+	exit 0 ;;
     pc:*:*:*)
+	# Left here for compatibility:
         # uname -m prints for DJGPP always 'pc', but it prints nothing about
         # the processor, so we play safe by assuming i386.
 	echo i386-pc-msdosdjgpp
@@ -703,7 +999,7 @@ EOF
     mc68030:UNIX_System_V:4.*:*)
 	echo m68k-atari-sysv4
 	exit 0 ;;
-    i?86:LynxOS:2.*:*)
+    i?86:LynxOS:2.*:* | i?86:LynxOS:3.[01]*:*)
 	echo i386-unknown-lynxos${UNAME_RELEASE}
 	exit 0 ;;
     TSUNAMI:LynxOS:2.*:*)
@@ -715,6 +1011,9 @@ EOF
     SM[BE]S:UNIX_SV:*:*)
 	echo mips-dde-sysv${UNAME_RELEASE}
 	exit 0 ;;
+    RM*:ReliantUNIX-*:*:*)
+	echo mips-sni-sysv4
+	exit 0 ;;
     RM*:SINIX-*:*:*)
 	echo mips-sni-sysv4
 	exit 0 ;;
@@ -742,25 +1041,77 @@ EOF
     mc68*:A/UX:*:*)
 	echo m68k-apple-aux${UNAME_RELEASE}
 	exit 0 ;;
-    news*:NEWS-OS:*:6*)
+    news*:NEWS-OS:6*:*)
 	echo mips-sony-newsos6
 	exit 0 ;;
-    R3000:*System_V*:*:* | R4000:UNIX_SYSV:*:*)
+    R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
 	if [ -d /usr/nec ]; then
 	        echo mips-nec-sysv${UNAME_RELEASE}
 	else
 	        echo mips-unknown-sysv${UNAME_RELEASE}
 	fi
         exit 0 ;;
+    BeBox:BeOS:*:*)	# BeOS running on hardware made by Be, PPC only.
+	echo powerpc-be-beos
+	exit 0 ;;
+    BeMac:BeOS:*:*)	# BeOS running on Mac or Mac clone, PPC only.
+	echo powerpc-apple-beos
+	exit 0 ;;
+    BePC:BeOS:*:*)	# BeOS running on Intel PC compatible.
+	echo i586-pc-beos
+	exit 0 ;;
+    SX-4:SUPER-UX:*:*)
+	echo sx4-nec-superux${UNAME_RELEASE}
+	exit 0 ;;
+    SX-5:SUPER-UX:*:*)
+	echo sx5-nec-superux${UNAME_RELEASE}
+	exit 0 ;;
+    Power*:Rhapsody:*:*)
+	echo powerpc-apple-rhapsody${UNAME_RELEASE}
+	exit 0 ;;
+    *:Rhapsody:*:*)
+	echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
+	exit 0 ;;
+    *:Darwin:*:*)
+	echo `uname -p`-apple-darwin${UNAME_RELEASE}
+	exit 0 ;;
+    *:procnto*:*:* | *:QNX:[0123456789]*:*)
+	if test "${UNAME_MACHINE}" = "x86pc"; then
+		UNAME_MACHINE=pc
+	fi
+	echo `uname -p`-${UNAME_MACHINE}-nto-qnx
+	exit 0 ;;
+    *:QNX:*:4*)
+	echo i386-pc-qnx
+	exit 0 ;;
+    NSR-[KW]:NONSTOP_KERNEL:*:*)
+	echo nsr-tandem-nsk${UNAME_RELEASE}
+	exit 0 ;;
+    BS2000:POSIX*:*:*)
+	echo bs2000-siemens-sysv
+	exit 0 ;;
+    DS/*:UNIX_System_V:*:*)
+	echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
+	exit 0 ;;
+    *:Plan9:*:*)
+	# "uname -m" is not consistent, so use $cputype instead. 386
+	# is converted to i386 for consistency with other x86
+	# operating systems.
+	if test "$cputype" = "386"; then
+	    UNAME_MACHINE=i386
+	else
+	    UNAME_MACHINE="$cputype"
+	fi
+	echo ${UNAME_MACHINE}-unknown-plan9
+	exit 0 ;;
     *:OS/2:*:*)
 	echo ${UNAME_MACHINE}-pc-os2_emx
-	exit 0 ;;
 esac
 
 #echo '(No uname command or uname output not recognized.)' 1>&2
 #echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
 
-cat >dummy.c <<EOF
+cat >$dummy.c <<EOF
 #ifdef _SEQUENT_
 # include <sys/types.h>
 # include <sys/utsname.h>
@@ -798,7 +1149,10 @@ main ()
 #endif
   int version;
   version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
-  printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
+  if (version < 4)
+    printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
+  else
+    printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
   exit (0);
 #endif
 
@@ -858,8 +1212,8 @@ main ()
 }
 EOF
 
-${CC-cc} dummy.c -o dummy 2>/dev/null && ./dummy && rm dummy.c dummy && exit 0
-rm -f dummy.c dummy
+$CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null && ./$dummy && rm $dummy.c $dummy && exit 0
+rm -f $dummy.c $dummy
 
 # Apollos put the system type in the environment.
 
@@ -891,6 +1245,47 @@ then
     esac
 fi
 
-#echo '(Unable to guess system type)' 1>&2
+cat >&2 <<EOF
+$0: unable to guess system type
+
+The $version version of this script cannot recognize your system type.
+Please download the most up to date version of the config scripts:
+
+    ftp://ftp.gnu.org/pub/gnu/config/
+
+If the version you run ($0) is already up to date, please
+send the following data and any information you think might be
+pertinent to <config-patches@gnu.org> in order to provide the needed
+information to handle your system.
+
+config.guess version = $version
+
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
+/bin/uname -X     = `(/bin/uname -X) 2>/dev/null`
+
+hostinfo               = `(hostinfo) 2>/dev/null`
+/bin/universe          = `(/bin/universe) 2>/dev/null`
+/usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null`
+/bin/arch              = `(/bin/arch) 2>/dev/null`
+/usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
+
+UNAME_MACHINE = ${UNAME_MACHINE}
+UNAME_RELEASE = ${UNAME_RELEASE}
+UNAME_SYSTEM  = ${UNAME_SYSTEM}
+UNAME_VERSION = ${UNAME_VERSION}
+EOF
 
 exit 1
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "version='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/crypto/kerberosIV/config.sub b/crypto/kerberosIV/config.sub
index e3c3480b774d..42fc991d08ac 100644
--- a/crypto/kerberosIV/config.sub
+++ b/crypto/kerberosIV/config.sub
@@ -1,6 +1,10 @@
 #! /bin/sh
 # Configuration validation subroutine script, version 1.1.
-#   Copyright (C) 1991, 92-97, 1998 Free Software Foundation, Inc.
+#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000
+#   Free Software Foundation, Inc.
+
+version='2000-09-11'
+
 # This file is (in principle) common to ALL GNU software.
 # The presence of a machine in this file suggests that SOME GNU software
 # can handle that machine.  It does not imply ALL GNU software can.
@@ -25,6 +29,8 @@
 # configuration script generated by Autoconf, you may include it under
 # the same distribution terms that you use for the rest of that program.
 
+# Please send patches to <config-patches@gnu.org>.
+#
 # Configuration subroutine to validate and canonicalize a configuration type.
 # Supply the specified configuration type as an argument.
 # If it is invalid, we print an error message on stderr and exit with code 1.
@@ -45,30 +51,61 @@
 #	CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
 # It is wrong to echo any other type of specification.
 
-if [ x$1 = x ]
-then
-	echo Configuration name missing. 1>&2
-	echo "Usage: $0 CPU-MFR-OPSYS" 1>&2
-	echo "or     $0 ALIAS" 1>&2
-	echo where ALIAS is a recognized configuration type. 1>&2
-	exit 1
-fi
+me=`echo "$0" | sed -e 's,.*/,,'`
 
-# First pass through any local machine types.
-case $1 in
-	*local*)
-		echo $1
-		exit 0
-		;;
-	*)
-	;;
+usage="\
+Usage: $0 [OPTION] CPU-MFR-OPSYS
+       $0 [OPTION] ALIAS
+
+Canonicalize a configuration name.
+
+Operation modes:
+  -h, --help               print this help, then exit
+  -V, --version            print version number, then exit"
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+  case "$1" in
+    --version | --vers* | -V )
+       echo "$version" ; exit 0 ;;
+    --help | --h* | -h )
+       echo "$usage"; exit 0 ;;
+    -- )     # Stop option processing
+       shift; break ;;
+    - )	# Use stdin as input.
+       break ;;
+    -* )
+       exec >&2
+       echo "$me: invalid option $1"
+       echo "$help"
+       exit 1 ;;
+
+    *local*)
+       # First pass through any local machine types.
+       echo $1
+       exit 0;;
+
+    * )
+       break ;;
+  esac
+done
+
+case $# in
+ 0) echo "$me: missing argument$help" >&2
+    exit 1;;
+ 1) ;;
+ *) echo "$me: too many arguments$help" >&2
+    exit 1;;
 esac
 
 # Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
 # Here we must recognize all the valid KERNEL-OS combinations.
 maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
 case $maybe_os in
-  linux-gnu*)
+  nto-qnx* | linux-gnu*)
     os=-$maybe_os
     basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
     ;;
@@ -94,15 +131,25 @@ case $os in
 	-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
 	-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
 	-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
-	-apple)
+	-apple | -axis)
 		os=
 		basic_machine=$1
 		;;
+	-sim | -cisco | -oki | -wec | -winbond)
+		os=
+		basic_machine=$1
+		;;
+	-scout)
+		;;
+	-wrs)
+		os=-vxworks
+		basic_machine=$1
+		;;
 	-hiux*)
 		os=-hiuxwe2
 		;;
 	-sco5)
-		os=sco3.2v5
+		os=-sco3.2v5
 		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
 		;;
 	-sco4)
@@ -121,6 +168,9 @@ case $os in
 		os=-sco3.2v2
 		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
 		;;
+	-udk*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
 	-isc)
 		os=-isc2.2
 		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
@@ -143,26 +193,46 @@ case $os in
 	-psos*)
 		os=-psos
 		;;
+	-mint | -mint[0-9]*)
+		basic_machine=m68k-atari
+		os=-mint
+		;;
 esac
 
 # Decode aliases for certain CPU-COMPANY combinations.
 case $basic_machine in
 	# Recognize the basic CPU types without company name.
 	# Some are omitted here because they have special meanings below.
-	tahoe | i860 | m32r | m68k | m68000 | m88k | ns32k | arc | arm \
-		| arme[lb] | pyramid | mn10200 | mn10300 \
-		| tron | a29k | 580 | i960 | h8300 | hppa | hppa1.0 | hppa1.1 \
-		| alpha | alphaev5 | alphaev56 | we32k | ns16k | clipper \
-		| i370 | sh | powerpc | powerpcle | 1750a | dsp16xx | pdp11 \
-		| mips64 | mipsel | mips64el | mips64orion | mips64orionel \
-		| mipstx39 | mipstx39el \
-		| sparc | sparclet | sparclite | sparc64 | v850)
+	tahoe | i860 | ia64 | m32r | m68k | m68000 | m88k | ns32k | arc | arm \
+		| arme[lb] | armv[2345] | armv[345][lb] | pyramid | mn10200 | mn10300 | tron | a29k \
+		| 580 | i960 | h8300 \
+		| x86 | ppcbe | mipsbe | mipsle | shbe | shle | armbe | armle \
+		| hppa | hppa1.0 | hppa1.1 | hppa2.0 | hppa2.0w | hppa2.0n \
+		| hppa64 \
+		| alpha | alphaev[4-8] | alphaev56 | alphapca5[67] \
+		| alphaev6[78] \
+		| we32k | ns16k | clipper | i370 | sh | sh[34] \
+		| powerpc | powerpcle \
+		| 1750a | dsp16xx | pdp11 | mips16 | mips64 | mipsel | mips64el \
+		| mips64orion | mips64orionel | mipstx39 | mipstx39el \
+		| mips64vr4300 | mips64vr4300el | mips64vr4100 | mips64vr4100el \
+		| mips64vr5000 | miprs64vr5000el | mcore \
+		| sparc | sparclet | sparclite | sparc64 | sparcv9 | v850 | c4x \
+		| thumb | d10v | d30v | fr30 | avr)
 		basic_machine=$basic_machine-unknown
 		;;
+	m6811 | m68hc11 | m6812 | m68hc12)
+		# Motorola 68HC11/12.
+		basic_machine=$basic_machine-unknown
+		os=-none
+		;;
+	m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | z8k | v70 | h8500 | w65 | pj | pjl)
+		;;
+
 	# We use `pc' rather than `unknown'
 	# because (1) that's what they normally are, and
 	# (2) the word "unknown" tends to confuse beginning users.
-	i[34567]86)
+	i[234567]86 | x86_64)
 	  basic_machine=$basic_machine-pc
 	  ;;
 	# Object if more than one company name word.
@@ -171,27 +241,49 @@ case $basic_machine in
 		exit 1
 		;;
 	# Recognize the basic CPU types with company name.
-	vax-* | tahoe-* | i[34567]86-* | i860-* | m32r-* | m68k-* | m68000-* \
+	# FIXME: clean up the formatting here.
+	vax-* | tahoe-* | i[234567]86-* | i860-* | ia64-* | m32r-* | m68k-* | m68000-* \
 	      | m88k-* | sparc-* | ns32k-* | fx80-* | arc-* | arm-* | c[123]* \
 	      | mips-* | pyramid-* | tron-* | a29k-* | romp-* | rs6000-* \
-	      | power-* | none-* | 580-* | cray2-* | h8300-* | i960-* \
-	      | xmp-* | ymp-* | hppa-* | hppa1.0-* | hppa1.1-* \
-	      | alpha-* | alphaev5-* | alphaev56-* | we32k-* | cydra-* \
-	      | ns16k-* | pn-* | np1-* | xps100-* | clipper-* | orion-* \
+	      | power-* | none-* | 580-* | cray2-* | h8300-* | h8500-* | i960-* \
+	      | xmp-* | ymp-* \
+	      | x86-* | ppcbe-* | mipsbe-* | mipsle-* | shbe-* | shle-* | armbe-* | armle-* \
+	      | hppa-* | hppa1.0-* | hppa1.1-* | hppa2.0-* | hppa2.0w-* \
+	      | hppa2.0n-* | hppa64-* \
+	      | alpha-* | alphaev[4-8]-* | alphaev56-* | alphapca5[67]-* \
+	      | alphaev6[78]-* \
+	      | we32k-* | cydra-* | ns16k-* | pn-* | np1-* | xps100-* \
+	      | clipper-* | orion-* \
 	      | sparclite-* | pdp11-* | sh-* | powerpc-* | powerpcle-* \
-	      | sparc64-* | mips64-* | mipsel-* \
-	      | mips64el-* | mips64orion-* | mips64orionel-*  \
-	      | mipstx39-* | mipstx39el-* \
-	      | f301-*)
+	      | sparc64-* | sparcv9-* | sparc86x-* | mips16-* | mips64-* | mipsel-* \
+	      | mips64el-* | mips64orion-* | mips64orionel-* \
+	      | mips64vr4100-* | mips64vr4100el-* | mips64vr4300-* | mips64vr4300el-* \
+	      | mipstx39-* | mipstx39el-* | mcore-* \
+	      | f301-* | armv*-* | s390-* | sv1-* | t3e-* \
+	      | m88110-* | m680[01234]0-* | m683?2-* | m68360-* | z8k-* | d10v-* \
+	      | thumb-* | v850-* | d30v-* | tic30-* | c30-* | fr30-* \
+	      | bs2000-* | tic54x-* | c54x-* | x86_64-*)
 		;;
 	# Recognize the various machine names and aliases which stand
 	# for a CPU type and a company and sometimes even an OS.
+	386bsd)
+		basic_machine=i386-unknown
+		os=-bsd
+		;;
 	3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
 		basic_machine=m68000-att
 		;;
 	3b*)
 		basic_machine=we32k-att
 		;;
+	a29khif)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+	adobe68k)
+		basic_machine=m68010-adobe
+		os=-scout
+		;;
 	alliant | fx80)
 		basic_machine=fx80-alliant
 		;;
@@ -207,20 +299,24 @@ case $basic_machine in
 		os=-sysv
 		;;
 	amiga | amiga-*)
-		basic_machine=m68k-cbm
+		basic_machine=m68k-unknown
 		;;
 	amigaos | amigados)
-		basic_machine=m68k-cbm
+		basic_machine=m68k-unknown
 		os=-amigaos
 		;;
 	amigaunix | amix)
-		basic_machine=m68k-cbm
+		basic_machine=m68k-unknown
 		os=-sysv4
 		;;
 	apollo68)
 		basic_machine=m68k-apollo
 		os=-sysv
 		;;
+	apollo68bsd)
+		basic_machine=m68k-apollo
+		os=-bsd
+		;;
 	aux)
 		basic_machine=m68k-apple
 		os=-aux
@@ -258,12 +354,15 @@ case $basic_machine in
 		os=-unicos
 		;;
 	[ctj]90-cray)
-		#basic_machine=c90-cray
+		basic_machine=c90-cray
 		os=-unicos
 		;;
 	crds | unos)
 		basic_machine=m68k-crds
 		;;
+	cris | cris-* | etrax*)
+		basic_machine=cris-axis
+		;;
 	da30 | da30-*)
 		basic_machine=m68k-da30
 		;;
@@ -297,6 +396,10 @@ case $basic_machine in
 	encore | umax | mmax)
 		basic_machine=ns32k-encore
 		;;
+	es1800 | OSE68k | ose68k | ose | OSE)
+		basic_machine=m68k-ericsson
+		os=-ose
+		;;
 	fx2800)
 		basic_machine=i860-alliant
 		;;
@@ -315,6 +418,14 @@ case $basic_machine in
 		basic_machine=h8300-hitachi
 		os=-hms
 		;;
+	h8300xray)
+		basic_machine=h8300-hitachi
+		os=-xray
+		;;
+	h8500hms)
+		basic_machine=h8500-hitachi
+		os=-hms
+		;;
 	harris)
 		basic_machine=m88k-harris
 		os=-sysv3
@@ -330,13 +441,30 @@ case $basic_machine in
 		basic_machine=m68k-hp
 		os=-hpux
 		;;
+	hp3k9[0-9][0-9] | hp9[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
 	hp9k2[0-9][0-9] | hp9k31[0-9])
 		basic_machine=m68000-hp
 		;;
 	hp9k3[2-9][0-9])
 		basic_machine=m68k-hp
 		;;
-	hp9k7[0-9][0-9] | hp7[0-9][0-9] | hp9k8[0-9]7 | hp8[0-9]7)
+	hp9k6[0-9][0-9] | hp6[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hp9k7[0-79][0-9] | hp7[0-79][0-9])
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k78[0-9] | hp78[0-9])
+		# FIXME: really hppa2.0-hp
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
+		# FIXME: really hppa2.0-hp
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[0-9][13679] | hp8[0-9][13679])
 		basic_machine=hppa1.1-hp
 		;;
 	hp9k8[0-9][0-9] | hp8[0-9][0-9])
@@ -345,9 +473,16 @@ case $basic_machine in
 	hppa-next)
 		os=-nextstep3
 		;;
+	hppaosf)
+		basic_machine=hppa1.1-hp
+		os=-osf
+		;;
+	hppro)
+		basic_machine=hppa1.1-hp
+		os=-proelf
+		;;
 	i370-ibm* | ibm*)
 		basic_machine=i370-ibm
-		os=-mvs
 		;;
 # I'm not sure what "Sysv32" means.  Should this be sysv3.2?
 	i[34567]86v32)
@@ -366,6 +501,26 @@ case $basic_machine in
 		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
 		os=-solaris2
 		;;
+	i386mach)
+		basic_machine=i386-mach
+		os=-mach
+		;;
+	i386-vsta | vsta)
+		basic_machine=i386-unknown
+		os=-vsta
+		;;
+	i386-go32 | go32)
+		basic_machine=i386-unknown
+		os=-go32
+		;;
+	i386-mingw32 | mingw32)
+		basic_machine=i386-unknown
+		os=-mingw32
+		;;
+	i[34567]86-pw32 | pw32)
+		basic_machine=i586-unknown
+		os=-pw32
+		;;
 	iris | iris4d)
 		basic_machine=mips-sgi
 		case $os in
@@ -394,6 +549,10 @@ case $basic_machine in
 	miniframe)
 		basic_machine=m68000-convergent
 		;;
+	*mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*)
+		basic_machine=m68k-atari
+		os=-mint
+		;;
 	mipsel*-linux*)
 		basic_machine=mipsel-unknown
 		os=-linux-gnu
@@ -408,10 +567,34 @@ case $basic_machine in
 	mips3*)
 		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
 		;;
+	mmix*)
+		basic_machine=mmix-knuth
+		os=-mmixware
+		;;
+	monitor)
+		basic_machine=m68k-rom68k
+		os=-coff
+		;;
+	msdos)
+		basic_machine=i386-unknown
+		os=-msdos
+		;;
+	mvs)
+		basic_machine=i370-ibm
+		os=-mvs
+		;;
 	ncr3000)
 		basic_machine=i486-ncr
 		os=-sysv4
 		;;
+	netbsd386)
+		basic_machine=i386-unknown
+		os=-netbsd
+		;;
+	netwinder)
+		basic_machine=armv4l-rebel
+		os=-linux
+		;;
 	news | news700 | news800 | news900)
 		basic_machine=m68k-sony
 		os=-newsos
@@ -424,6 +607,10 @@ case $basic_machine in
 		basic_machine=mips-sony
 		os=-newsos
 		;;
+	necv70)
+		basic_machine=v70-nec
+		os=-sysv
+		;;
 	next | m*-next )
 		basic_machine=m68k-next
 		case $os in
@@ -449,9 +636,28 @@ case $basic_machine in
 		basic_machine=i960-intel
 		os=-nindy
 		;;
+	mon960)
+		basic_machine=i960-intel
+		os=-mon960
+		;;
 	np1)
 		basic_machine=np1-gould
 		;;
+	nsr-tandem)
+		basic_machine=nsr-tandem
+		;;
+	op50n-* | op60c-*)
+		basic_machine=hppa1.1-oki
+		os=-proelf
+		;;
+	OSE68000 | ose68000)
+		basic_machine=m68000-ericsson
+		os=-ose
+		;;
+	os68k)
+		basic_machine=m68k-none
+		os=-os68k
+		;;
 	pa-hitachi)
 		basic_machine=hppa1.1-hitachi
 		os=-hiuxwe2
@@ -469,19 +675,19 @@ case $basic_machine in
         pc532 | pc532-*)
 		basic_machine=ns32k-pc532
 		;;
-	pentium | p5 | k5 | nexen)
+	pentium | p5 | k5 | k6 | nexen)
 		basic_machine=i586-pc
 		;;
-	pentiumpro | p6 | k6 | 6x86)
+	pentiumpro | p6 | 6x86 | athlon)
 		basic_machine=i686-pc
 		;;
 	pentiumii | pentium2)
 		basic_machine=i786-pc
 		;;
-	pentium-* | p5-* | k5-* | nexen-*)
+	pentium-* | p5-* | k5-* | k6-* | nexen-*)
 		basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
 		;;
-	pentiumpro-* | p6-* | k6-* | 6x86-*)
+	pentiumpro-* | p6-* | 6x86-* | athlon-*)
 		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
 		;;
 	pentiumii-* | pentium2-*)
@@ -505,12 +711,20 @@ case $basic_machine in
 	ps2)
 		basic_machine=i386-ibm
 		;;
+	rom68k)
+		basic_machine=m68k-rom68k
+		os=-coff
+		;;
 	rm[46]00)
 		basic_machine=mips-siemens
 		;;
 	rtpc | rtpc-*)
 		basic_machine=romp-ibm
 		;;
+	sa29200)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
 	sequent)
 		basic_machine=i386-sequent
 		;;
@@ -518,6 +732,10 @@ case $basic_machine in
 		basic_machine=sh-hitachi
 		os=-hms
 		;;
+	sparclite-wrs)
+		basic_machine=sparclite-wrs
+		os=-vxworks
+		;;
 	sps7)
 		basic_machine=m68k-bull
 		os=-sysv2
@@ -525,6 +743,13 @@ case $basic_machine in
 	spur)
 		basic_machine=spur-unknown
 		;;
+	st2000)
+		basic_machine=m68k-tandem
+		;;
+	stratus)
+		basic_machine=i860-stratus
+		os=-sysv4
+		;;
 	sun2)
 		basic_machine=m68000-sun
 		;;
@@ -565,10 +790,22 @@ case $basic_machine in
 	sun386 | sun386i | roadrunner)
 		basic_machine=i386-sun
 		;;
+	sv1)
+		basic_machine=sv1-cray
+		os=-unicos
+		;;
 	symmetry)
 		basic_machine=i386-sequent
 		os=-dynix
 		;;
+	t3e)
+		basic_machine=t3e-cray
+		os=-unicos
+		;;
+	tic54x | c54x*)
+		basic_machine=tic54x-unknown
+		os=-coff
+		;;
 	tx39)
 		basic_machine=mipstx39-unknown
 		;;
@@ -586,13 +823,14 @@ case $basic_machine in
 		basic_machine=a29k-nyu
 		os=-sym1
 		;;
+	v810 | necv810)
+		basic_machine=v810-nec
+		os=-none
+		;;
 	vaxv)
 		basic_machine=vax-dec
 		os=-sysv
 		;;
-	vpp*|vx|vx-*)
-		basic_machine=f301-fujitsu
-		;;
 	vms)
 		basic_machine=vax-dec
 		os=-vms
@@ -612,6 +850,14 @@ case $basic_machine in
 		basic_machine=a29k-wrs
 		os=-vxworks
 		;;
+	w65*)
+		basic_machine=w65-wdc
+		os=-none
+		;;
+	w89k-*)
+		basic_machine=hppa1.1-winbond
+		os=-proelf
+		;;
 	xmp)
 		basic_machine=xmp-cray
 		os=-unicos
@@ -619,6 +865,10 @@ case $basic_machine in
         xps | xps100)
 		basic_machine=xps100-honeywell
 		;;
+	z8k-*-coff)
+		basic_machine=z8k-unknown
+		os=-sim
+		;;
 	none)
 		basic_machine=none-none
 		os=-none
@@ -626,6 +876,15 @@ case $basic_machine in
 
 # Here we handle the default manufacturer of certain CPU types.  It is in
 # some cases the only manufacturer, in others, it is the most popular.
+	w89k)
+		basic_machine=hppa1.1-winbond
+		;;
+	op50n)
+		basic_machine=hppa1.1-oki
+		;;
+	op60c)
+		basic_machine=hppa1.1-oki
+		;;
 	mips)
 		if [ x$os = x-linux-gnu ]; then
 			basic_machine=mips-unknown
@@ -648,7 +907,10 @@ case $basic_machine in
 	we32k)
 		basic_machine=we32k-att
 		;;
-	sparc)
+	sh3 | sh4)
+		base_machine=sh-unknown
+		;;
+	sparc | sparcv9)
 		basic_machine=sparc-sun
 		;;
         cydra)
@@ -660,6 +922,16 @@ case $basic_machine in
 	orion105)
 		basic_machine=clipper-highlevel
 		;;
+	mac | mpw | mac-mpw)
+		basic_machine=m68k-apple
+		;;
+	pmac | pmac-mpw)
+		basic_machine=powerpc-apple
+		;;
+	c4x*)
+		basic_machine=c4x-none
+		os=-coff
+		;;
 	*)
 		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
 		exit 1
@@ -713,13 +985,34 @@ case $os in
 	      | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
 	      | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
 	      | -hiux* | -386bsd* | -netbsd* | -openbsd* | -freebsd* | -riscix* \
-	      | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* \
+	      | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
 	      | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
 	      | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
-	      | -cygwin32* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
-	      | -mingw32* | -linux-gnu* | -uxpv*)
+	      | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
+	      | -mingw32* | -linux-gnu* | -uxpv* | -beos* | -mpeix* | -udk* \
+	      | -interix* | -uwin* | -rhapsody* | -darwin* | -opened* \
+	      | -openstep* | -oskit* | -conix* | -pw32*)
 	# Remember, each alternative MUST END IN *, to match a version number.
 		;;
+	-qnx*)
+		case $basic_machine in
+		    x86-* | i[34567]86-*)
+			;;
+		    *)
+			os=-nto$os
+			;;
+		esac
+		;;
+	-nto*)
+		os=-nto-qnx
+		;;
+	-sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
+	      | -windows* | -osx | -abug | -netware* | -os9* | -beos* \
+	      | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
+		;;
+	-mac*)
+		os=`echo $os | sed -e 's|mac|macos|'`
+		;;
 	-linux*)
 		os=`echo $os | sed -e 's|linux|linux-gnu|'`
 		;;
@@ -729,6 +1022,12 @@ case $os in
 	-sunos6*)
 		os=`echo $os | sed -e 's|sunos6|solaris3|'`
 		;;
+	-opened*)
+		os=-openedition
+		;;
+	-wince*)
+		os=-wince
+		;;
 	-osfrose*)
 		os=-osfrose
 		;;
@@ -744,12 +1043,18 @@ case $os in
 	-acis*)
 		os=-aos
 		;;
+	-386bsd)
+		os=-bsd
+		;;
 	-ctix* | -uts*)
 		os=-sysv
 		;;
 	-ns2 )
 	        os=-nextstep2
 		;;
+	-nsk*)
+		os=-nsk
+		;;
 	# Preserve the version number of sinix5.
 	-sinix5.*)
 		os=`echo $os | sed -e 's|sinix|sysv|'`
@@ -775,12 +1080,17 @@ case $os in
 	# This must come after -sysvr4.
 	-sysv*)
 		;;
+	-ose*)
+		os=-ose
+		;;
+	-es1800*)
+		os=-ose
+		;;
 	-xenix)
 		os=-xenix
 		;;
-	-os2*)
-		;;
-	-rhapsody*)
+        -*mint | -*MiNT)
+	        os=-mint
 		;;
 	-none)
 		;;
@@ -807,6 +1117,9 @@ case $basic_machine in
 	*-acorn)
 		os=-riscix1.2
 		;;
+	arm*-rebel)
+		os=-linux
+		;;
 	arm*-semi)
 		os=-aout
 		;;
@@ -828,15 +1141,36 @@ case $basic_machine in
 		# default.
 		# os=-sunos4
 		;;
+	m68*-cisco)
+		os=-aout
+		;;
+	mips*-cisco)
+		os=-elf
+		;;
+	mips*-*)
+		os=-elf
+		;;
 	*-tti)	# must be before sparc entry or we get the wrong os.
 		os=-sysv3
 		;;
 	sparc-* | *-sun)
 		os=-sunos4.1.1
 		;;
+	*-be)
+		os=-beos
+		;;
 	*-ibm)
 		os=-aix
 		;;
+	*-wec)
+		os=-proelf
+		;;
+	*-winbond)
+		os=-proelf
+		;;
+	*-oki)
+		os=-proelf
+		;;
 	*-hp)
 		os=-hpux
 		;;
@@ -900,6 +1234,18 @@ case $basic_machine in
 	f301-fujitsu)
 		os=-uxpv
 		;;
+	*-rom68k)
+		os=-coff
+		;;
+	*-*bug)
+		os=-coff
+		;;
+	*-apple)
+		os=-macos
+		;;
+	*-atari*)
+		os=-mint
+		;;
 	*)
 		os=-none
 		;;
@@ -921,9 +1267,15 @@ case $basic_machine in
 			-aix*)
 				vendor=ibm
 				;;
+			-beos*)
+				vendor=be
+				;;
 			-hpux*)
 				vendor=hp
 				;;
+			-mpeix*)
+				vendor=hp
+				;;
 			-hiux*)
 				vendor=hitachi
 				;;
@@ -939,7 +1291,7 @@ case $basic_machine in
 			-genix*)
 				vendor=ns
 				;;
-			-mvs*)
+			-mvs* | -opened*)
 				vendor=ibm
 				;;
 			-ptx*)
@@ -951,9 +1303,26 @@ case $basic_machine in
 			-aux*)
 				vendor=apple
 				;;
+			-hms*)
+				vendor=hitachi
+				;;
+			-mpw* | -macos*)
+				vendor=apple
+				;;
+			-*mint | -*MiNT)
+				vendor=atari
+				;;
 		esac
 		basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
 		;;
 esac
 
 echo $basic_machine$os
+exit 0
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "version='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/crypto/kerberosIV/configure b/crypto/kerberosIV/configure
index 796213e86bbb..0ee1b832b7b9 100644
--- a/crypto/kerberosIV/configure
+++ b/crypto/kerberosIV/configure
@@ -1,6 +1,6 @@
 #! /bin/sh
 
-# From configure.in Revision: 1.432.2.2 
+# From configure.in Revision: 1.432.2.14 
 
 
 
@@ -709,7 +709,7 @@ fi
 
 
 PACKAGE=krb4
-VERSION=1.0
+VERSION=1.0.5
 cat >> confdefs.h <<EOF
 #define PACKAGE "$PACKAGE"
 EOF
@@ -778,6 +778,9 @@ case "$host" in
 *-*-solaris2.7)
 	sunos=57
 	;;
+*-*-solaris2.8)
+	sunos=58
+	;;
 *-*-solaris2*)
 	sunos=50
 	;;
@@ -790,7 +793,7 @@ EOF
 fi
 
 echo $ac_n "checking whether ${MAKE-make} sets \${MAKE}""... $ac_c" 1>&6
-echo "configure:794: checking whether ${MAKE-make} sets \${MAKE}" >&5
+echo "configure:797: checking whether ${MAKE-make} sets \${MAKE}" >&5
 set dummy ${MAKE-make}; ac_make=`echo "$2" | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_prog_make_${ac_make}_set'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -841,7 +844,7 @@ test -z "$LDFLAGS" && LDFLAGS=-g
 
 
 echo $ac_n "checking for ln -s or something else""... $ac_c" 1>&6
-echo "configure:845: checking for ln -s or something else" >&5
+echo "configure:848: checking for ln -s or something else" >&5
 if eval "test \"`echo '$''{'ac_cv_prog_LN_S'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -866,7 +869,7 @@ echo "$ac_t""$ac_cv_prog_LN_S" 1>&6
 # Extract the first word of "gcc", so it can be a program name with args.
 set dummy gcc; ac_word=$2
 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:870: checking for $ac_word" >&5
+echo "configure:873: checking for $ac_word" >&5
 if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -896,7 +899,7 @@ if test -z "$CC"; then
   # Extract the first word of "cc", so it can be a program name with args.
 set dummy cc; ac_word=$2
 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:900: checking for $ac_word" >&5
+echo "configure:903: checking for $ac_word" >&5
 if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -947,7 +950,7 @@ fi
       # Extract the first word of "cl", so it can be a program name with args.
 set dummy cl; ac_word=$2
 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:951: checking for $ac_word" >&5
+echo "configure:954: checking for $ac_word" >&5
 if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -979,7 +982,7 @@ fi
 fi
 
 echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works""... $ac_c" 1>&6
-echo "configure:983: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5
+echo "configure:986: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5
 
 ac_ext=c
 # CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options.
@@ -990,12 +993,12 @@ cross_compiling=$ac_cv_prog_cc_cross
 
 cat > conftest.$ac_ext << EOF
 
-#line 994 "configure"
+#line 997 "configure"
 #include "confdefs.h"
 
 main(){return(0);}
 EOF
-if { (eval echo configure:999: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:1002: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   ac_cv_prog_cc_works=yes
   # If we can't run a trivial program, we are probably using a cross compiler.
   if (./conftest; exit) 2>/dev/null; then
@@ -1021,12 +1024,12 @@ if test $ac_cv_prog_cc_works = no; then
   { echo "configure: error: installation or configuration problem: C compiler cannot create executables." 1>&2; exit 1; }
 fi
 echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler""... $ac_c" 1>&6
-echo "configure:1025: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5
+echo "configure:1028: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5
 echo "$ac_t""$ac_cv_prog_cc_cross" 1>&6
 cross_compiling=$ac_cv_prog_cc_cross
 
 echo $ac_n "checking whether we are using GNU C""... $ac_c" 1>&6
-echo "configure:1030: checking whether we are using GNU C" >&5
+echo "configure:1033: checking whether we are using GNU C" >&5
 if eval "test \"`echo '$''{'ac_cv_prog_gcc'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -1035,7 +1038,7 @@ else
   yes;
 #endif
 EOF
-if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:1039: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then
+if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:1042: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then
   ac_cv_prog_gcc=yes
 else
   ac_cv_prog_gcc=no
@@ -1054,7 +1057,7 @@ ac_test_CFLAGS="${CFLAGS+set}"
 ac_save_CFLAGS="$CFLAGS"
 CFLAGS=
 echo $ac_n "checking whether ${CC-cc} accepts -g""... $ac_c" 1>&6
-echo "configure:1058: checking whether ${CC-cc} accepts -g" >&5
+echo "configure:1061: checking whether ${CC-cc} accepts -g" >&5
 if eval "test \"`echo '$''{'ac_cv_prog_cc_g'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -1086,7 +1089,7 @@ else
 fi
 
 echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6
-echo "configure:1090: checking how to run the C preprocessor" >&5
+echo "configure:1093: checking how to run the C preprocessor" >&5
 # On Suns, sometimes $CPP names a directory.
 if test -n "$CPP" && test -d "$CPP"; then
   CPP=
@@ -1101,13 +1104,13 @@ else
   # On the NeXT, cc -E runs the code through the compiler's parser,
   # not just through cpp.
   cat > conftest.$ac_ext <<EOF
-#line 1105 "configure"
+#line 1108 "configure"
 #include "confdefs.h"
 #include <assert.h>
 Syntax Error
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:1111: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:1114: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   :
@@ -1118,13 +1121,13 @@ else
   rm -rf conftest*
   CPP="${CC-cc} -E -traditional-cpp"
   cat > conftest.$ac_ext <<EOF
-#line 1122 "configure"
+#line 1125 "configure"
 #include "confdefs.h"
 #include <assert.h>
 Syntax Error
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:1128: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:1131: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   :
@@ -1135,13 +1138,13 @@ else
   rm -rf conftest*
   CPP="${CC-cc} -nologo -E"
   cat > conftest.$ac_ext <<EOF
-#line 1139 "configure"
+#line 1142 "configure"
 #include "confdefs.h"
 #include <assert.h>
 Syntax Error
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:1145: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:1148: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   :
@@ -1166,7 +1169,7 @@ fi
 echo "$ac_t""$CPP" 1>&6
 
 echo $ac_n "checking for POSIXized ISC""... $ac_c" 1>&6
-echo "configure:1170: checking for POSIXized ISC" >&5
+echo "configure:1173: checking for POSIXized ISC" >&5
 if test -d /etc/conf/kconfig.d &&
   grep _POSIX_VERSION /usr/include/sys/unistd.h >/dev/null 2>&1
 then
@@ -1191,7 +1194,7 @@ do
 # Extract the first word of "$ac_prog", so it can be a program name with args.
 set dummy $ac_prog; ac_word=$2
 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:1195: checking for $ac_word" >&5
+echo "configure:1198: checking for $ac_word" >&5
 if eval "test \"`echo '$''{'ac_cv_prog_YACC'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -1223,7 +1226,7 @@ done
 # Extract the first word of "flex", so it can be a program name with args.
 set dummy flex; ac_word=$2
 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:1227: checking for $ac_word" >&5
+echo "configure:1230: checking for $ac_word" >&5
 if eval "test \"`echo '$''{'ac_cv_prog_LEX'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -1257,7 +1260,7 @@ then
   *) ac_lib=l ;;
   esac
   echo $ac_n "checking for yywrap in -l$ac_lib""... $ac_c" 1>&6
-echo "configure:1261: checking for yywrap in -l$ac_lib" >&5
+echo "configure:1264: checking for yywrap in -l$ac_lib" >&5
 ac_lib_var=`echo $ac_lib'_'yywrap | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -1265,7 +1268,7 @@ else
   ac_save_LIBS="$LIBS"
 LIBS="-l$ac_lib  $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 1269 "configure"
+#line 1272 "configure"
 #include "confdefs.h"
 /* Override any gcc2 internal prototype to avoid an error.  */
 /* We use char because int might match the return type of a gcc2
@@ -1276,7 +1279,7 @@ int main() {
 yywrap()
 ; return 0; }
 EOF
-if { (eval echo configure:1280: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:1283: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_lib_$ac_lib_var=yes"
 else
@@ -1301,7 +1304,7 @@ fi
 # Extract the first word of "ranlib", so it can be a program name with args.
 set dummy ranlib; ac_word=$2
 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:1305: checking for $ac_word" >&5
+echo "configure:1308: checking for $ac_word" >&5
 if eval "test \"`echo '$''{'ac_cv_prog_RANLIB'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -1340,7 +1343,7 @@ fi
 # SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
 # ./install, which can be erroneously created by make from ./install.sh.
 echo $ac_n "checking for a BSD compatible install""... $ac_c" 1>&6
-echo "configure:1344: checking for a BSD compatible install" >&5
+echo "configure:1347: checking for a BSD compatible install" >&5
 if test -z "$INSTALL"; then
 if eval "test \"`echo '$''{'ac_cv_path_install'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -1397,7 +1400,7 @@ do
 # Extract the first word of "$ac_prog", so it can be a program name with args.
 set dummy $ac_prog; ac_word=$2
 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:1401: checking for $ac_word" >&5
+echo "configure:1404: checking for $ac_word" >&5
 if eval "test \"`echo '$''{'ac_cv_prog_AWK'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -1429,7 +1432,7 @@ done
 # Extract the first word of "makeinfo", so it can be a program name with args.
 set dummy makeinfo; ac_word=$2
 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:1433: checking for $ac_word" >&5
+echo "configure:1436: checking for $ac_word" >&5
 if eval "test \"`echo '$''{'ac_cv_prog_MAKEINFO'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -1491,7 +1494,7 @@ fi
 
 
 echo $ac_n "checking for socks""... $ac_c" 1>&6
-echo "configure:1495: checking for socks" >&5
+echo "configure:1498: checking for socks" >&5
 
 case "$with_socks" in
 yes)	;;
@@ -1530,14 +1533,14 @@ ires= lres=
 for i in $header_dirs; do
 	CFLAGS="-I$i $save_CFLAGS"
 	cat > conftest.$ac_ext <<EOF
-#line 1534 "configure"
+#line 1537 "configure"
 #include "confdefs.h"
 #include <socks.h>
 int main() {
 
 ; return 0; }
 EOF
-if { (eval echo configure:1541: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:1544: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ires=$i;break
 else
@@ -1549,14 +1552,14 @@ done
 for i in $lib_dirs; do
 	LIBS="-L$i -lsocks5  $save_LIBS"
 	cat > conftest.$ac_ext <<EOF
-#line 1553 "configure"
+#line 1556 "configure"
 #include "confdefs.h"
 #include <socks.h>
 int main() {
 
 ; return 0; }
 EOF
-if { (eval echo configure:1560: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:1563: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   lres=$i;break
 else
@@ -1843,10 +1846,6 @@ test "$AFSWS" = "yes" && AFSWS=/usr/afsws
 if test "${enable_rxkad+set}" = set; then
   enableval="$enable_rxkad"
   :
-else
-  
-test -f $AFSWS/include/rx/rx.h && enable_rxkad=yes
-
 fi
 
 
@@ -1896,7 +1895,7 @@ fi
 
 
 echo $ac_n "checking for readline""... $ac_c" 1>&6
-echo "configure:1900: checking for readline" >&5
+echo "configure:1899: checking for readline" >&5
 
 case "$with_readline" in
 yes)	;;
@@ -1935,7 +1934,7 @@ ires= lres=
 for i in $header_dirs; do
 	CFLAGS="-I$i $save_CFLAGS"
 	cat > conftest.$ac_ext <<EOF
-#line 1939 "configure"
+#line 1938 "configure"
 #include "confdefs.h"
 
 #include <stdio.h>
@@ -1945,7 +1944,7 @@ int main() {
 
 ; return 0; }
 EOF
-if { (eval echo configure:1949: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:1948: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ires=$i;break
 else
@@ -1957,7 +1956,7 @@ done
 for i in $lib_dirs; do
 	LIBS="-L$i -lreadline  $save_LIBS"
 	cat > conftest.$ac_ext <<EOF
-#line 1961 "configure"
+#line 1960 "configure"
 #include "confdefs.h"
 
 #include <stdio.h>
@@ -1967,7 +1966,7 @@ int main() {
 
 ; return 0; }
 EOF
-if { (eval echo configure:1971: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:1970: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   lres=$i;break
 else
@@ -2032,7 +2031,7 @@ esac
 if test -n "$abi" ; then
 ac_foo=krb_cv_gcc_`echo $abi | tr =- __`
 echo $ac_n "checking if $CC supports the $abi option""... $ac_c" 1>&6
-echo "configure:2036: checking if $CC supports the $abi option" >&5
+echo "configure:2035: checking if $CC supports the $abi option" >&5
 if eval "test \"`echo '$''{'$ac_foo'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -2040,14 +2039,14 @@ else
 save_CFLAGS="$CFLAGS"
 CFLAGS="$CFLAGS $abi"
 cat > conftest.$ac_ext <<EOF
-#line 2044 "configure"
+#line 2043 "configure"
 #include "confdefs.h"
 
 int main() {
 int x;
 ; return 0; }
 EOF
-if { (eval echo configure:2051: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:2050: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   eval $ac_foo=yes
 else
@@ -2070,14 +2069,14 @@ case $abi in
 	save_CFLAGS="$CFLAGS"
 	CFLAGS="$CFLAGS -mabi=n32"
 	cat > conftest.$ac_ext <<EOF
-#line 2074 "configure"
+#line 2073 "configure"
 #include "confdefs.h"
 
 int main() {
 int x;
 ; return 0; }
 EOF
-if { (eval echo configure:2081: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:2080: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ac_res=yes
 else
@@ -2151,7 +2150,7 @@ fi
 
 
 echo $ac_n "checking for hesiod""... $ac_c" 1>&6
-echo "configure:2155: checking for hesiod" >&5
+echo "configure:2154: checking for hesiod" >&5
 
 case "$with_hesiod" in
 yes)	;;
@@ -2190,14 +2189,14 @@ ires= lres=
 for i in $header_dirs; do
 	CFLAGS="-I$i $save_CFLAGS"
 	cat > conftest.$ac_ext <<EOF
-#line 2194 "configure"
+#line 2193 "configure"
 #include "confdefs.h"
 #include <hesiod.h>
 int main() {
 
 ; return 0; }
 EOF
-if { (eval echo configure:2201: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:2200: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ires=$i;break
 else
@@ -2209,14 +2208,14 @@ done
 for i in $lib_dirs; do
 	LIBS="-L$i -lhesiod  $save_LIBS"
 	cat > conftest.$ac_ext <<EOF
-#line 2213 "configure"
+#line 2212 "configure"
 #include "confdefs.h"
 #include <hesiod.h>
 int main() {
 
 ; return 0; }
 EOF
-if { (eval echo configure:2220: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:2219: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   lres=$i;break
 else
@@ -2308,7 +2307,7 @@ case "${host}" in
 	install_symlink_command='$(LN_S) -f $(LIB) $(DESTDIR)$(libdir)/$(LIBNAME).so.'"${SHLIB_SONAME}"';$(LN_S) -f $(LIB) $(DESTDIR)$(libdir)/$(LIBNAME).so'
 	install_symlink_command2='$(LN_S) -f $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so.'"${SHLIB_SONAME}"';$(LN_S) -f $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so'
 	;;
-*-*-freebsd[34]*)
+*-*-freebsd[345]* | *-*-freebsdelf[345]*)
 	REAL_SHLIBEXT=so.$SHLIB_VERSION
 	REAL_LD_FLAGS='-Wl,-R$(libdir)'
 	build_symlink_command='$(LN_S) -f $@ $(LIBNAME).so'
@@ -2326,9 +2325,14 @@ case "${host}" in
 	LDSHARED='ld -shared -expect_unresolved \*'
 	;;
 *-*-solaris2*)
+	LDSHARED='$(CC) -shared -Wl,-h$(LIBNAME).so.'"${SHLIB_SONAME}"
+	REAL_SHLIBEXT=so.$SHLIB_VERSION
+	build_symlink_command='$(LN_S) $@ $(LIBNAME).so'
+	install_symlink_command='$(LN_S) $(LIB) $(DESTDIR)$(libdir)/$(LIBNAME).so.'"${SHLIB_SONAME}"';$(LN_S) $(LIB) $(DESTDIR)$(libdir)/$(LIBNAME).so'
+	install_symlink_command2='$(LN_S) $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so.'"${SHLIB_SONAME}"';$(LN_S) $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so'
 	REAL_LD_FLAGS='-Wl,-R$(libdir)'
 	if test -z "$GCC"; then
-		LDSHARED='$(CC) -G'
+		LDSHARED='$(CC) -G -h$(LIBNAME).so.'"${SHLIB_SONAME}"
 		REAL_PICFLAGS="-Kpic"
 	fi
 	;;
@@ -2380,7 +2384,7 @@ else
  SHLIBEXT="$REAL_SHLIBEXT"
  LIBEXT="$SHLIBEXT"
  echo $ac_n "checking whether to use -rpath""... $ac_c" 1>&6
-echo "configure:2384: checking whether to use -rpath" >&5
+echo "configure:2388: checking whether to use -rpath" >&5
  case "$libdir" in
    /lib | /usr/lib | /usr/local/lib)
      echo "$ac_t""no" 1>&6
@@ -2417,14 +2421,14 @@ fi
 
 
 echo $ac_n "checking whether byte ordering is bigendian""... $ac_c" 1>&6
-echo "configure:2421: checking whether byte ordering is bigendian" >&5
+echo "configure:2425: checking whether byte ordering is bigendian" >&5
 if eval "test \"`echo '$''{'ac_cv_c_bigendian'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   ac_cv_c_bigendian=unknown
 # See if sys/param.h defines the BYTE_ORDER macro.
 cat > conftest.$ac_ext <<EOF
-#line 2428 "configure"
+#line 2432 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <sys/param.h>
@@ -2435,11 +2439,11 @@ int main() {
 #endif
 ; return 0; }
 EOF
-if { (eval echo configure:2439: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:2443: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   # It does; now see whether it defined to BIG_ENDIAN or not.
 cat > conftest.$ac_ext <<EOF
-#line 2443 "configure"
+#line 2447 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <sys/param.h>
@@ -2450,7 +2454,7 @@ int main() {
 #endif
 ; return 0; }
 EOF
-if { (eval echo configure:2454: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:2458: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ac_cv_c_bigendian=yes
 else
@@ -2470,7 +2474,7 @@ if test "$cross_compiling" = yes; then
     { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; }
 else
   cat > conftest.$ac_ext <<EOF
-#line 2474 "configure"
+#line 2478 "configure"
 #include "confdefs.h"
 main () {
   /* Are we little or big endian?  From Harbison&Steele.  */
@@ -2483,7 +2487,7 @@ main () {
   exit (u.c[sizeof (long) - 1] == 1);
 }
 EOF
-if { (eval echo configure:2487: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:2491: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   ac_cv_c_bigendian=no
 else
@@ -2508,12 +2512,12 @@ fi
 
 
 echo $ac_n "checking for working const""... $ac_c" 1>&6
-echo "configure:2512: checking for working const" >&5
+echo "configure:2516: checking for working const" >&5
 if eval "test \"`echo '$''{'ac_cv_c_const'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 2517 "configure"
+#line 2521 "configure"
 #include "confdefs.h"
 
 int main() {
@@ -2562,7 +2566,7 @@ ccp = (char const *const *) p;
 
 ; return 0; }
 EOF
-if { (eval echo configure:2566: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:2570: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ac_cv_c_const=yes
 else
@@ -2584,21 +2588,21 @@ fi
 
 
 echo $ac_n "checking for inline""... $ac_c" 1>&6
-echo "configure:2588: checking for inline" >&5
+echo "configure:2592: checking for inline" >&5
 if eval "test \"`echo '$''{'ac_cv_c_inline'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   ac_cv_c_inline=no
 for ac_kw in inline __inline__ __inline; do
   cat > conftest.$ac_ext <<EOF
-#line 2595 "configure"
+#line 2599 "configure"
 #include "confdefs.h"
 
 int main() {
 } $ac_kw foo() {
 ; return 0; }
 EOF
-if { (eval echo configure:2602: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:2606: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ac_cv_c_inline=$ac_kw; break
 else
@@ -2626,13 +2630,13 @@ esac
 
 
 echo $ac_n "checking for __attribute__""... $ac_c" 1>&6
-echo "configure:2630: checking for __attribute__" >&5
+echo "configure:2634: checking for __attribute__" >&5
 if eval "test \"`echo '$''{'ac_cv___attribute__'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 2636 "configure"
+#line 2640 "configure"
 #include "confdefs.h"
 
 #include <stdlib.h>
@@ -2649,7 +2653,7 @@ foo(void)
 
 ; return 0; }
 EOF
-if { (eval echo configure:2653: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:2657: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ac_cv___attribute__=yes
 else
@@ -2673,12 +2677,12 @@ echo "$ac_t""$ac_cv___attribute__" 1>&6
 
 
 echo $ac_n "checking for NEXTSTEP""... $ac_c" 1>&6
-echo "configure:2677: checking for NEXTSTEP" >&5
+echo "configure:2681: checking for NEXTSTEP" >&5
 if eval "test \"`echo '$''{'krb_cv_sys_nextstep'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 2682 "configure"
+#line 2686 "configure"
 #include "confdefs.h"
 #if defined(NeXT) && !defined(__APPLE__)
 	yes
@@ -2705,12 +2709,12 @@ echo "$ac_t""$krb_cv_sys_nextstep" 1>&6
 
 
 echo $ac_n "checking for AIX""... $ac_c" 1>&6
-echo "configure:2709: checking for AIX" >&5
+echo "configure:2713: checking for AIX" >&5
 if eval "test \"`echo '$''{'krb_cv_sys_aix'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 2714 "configure"
+#line 2718 "configure"
 #include "confdefs.h"
 #ifdef _AIX
 	yes
@@ -2747,7 +2751,7 @@ if test "$krb_cv_sys_aix" = yes ;then
 
 
 echo $ac_n "checking for dlopen""... $ac_c" 1>&6
-echo "configure:2751: checking for dlopen" >&5
+echo "configure:2755: checking for dlopen" >&5
 if eval "test \"`echo '$''{'ac_cv_funclib_dlopen'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -2762,14 +2766,14 @@ if eval "test \"\$ac_cv_func_dlopen\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat > conftest.$ac_ext <<EOF
-#line 2766 "configure"
+#line 2770 "configure"
 #include "confdefs.h"
 
 int main() {
 dlopen()
 ; return 0; }
 EOF
-if { (eval echo configure:2773: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:2777: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_dlopen=$ac_lib; else ac_cv_funclib_dlopen=yes; fi";break
 else
@@ -2855,16 +2859,19 @@ if test -f /lib/pse.exp ;then
 	LIBS="$LIBS -Wl,-bnolibpath -Wl,-bI:/lib/pse.exp"
 fi
 ;;
+*-*-aix*)
+	LIBS="$LIBS -Wl,-bnolibpath"
+	;;
 esac
 
 
 echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6
-echo "configure:2863: checking for ANSI C header files" >&5
+echo "configure:2870: checking for ANSI C header files" >&5
 if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 2868 "configure"
+#line 2875 "configure"
 #include "confdefs.h"
 #include <stdlib.h>
 #include <stdarg.h>
@@ -2872,7 +2879,7 @@ else
 #include <float.h>
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:2876: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:2883: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   rm -rf conftest*
@@ -2889,7 +2896,7 @@ rm -f conftest*
 if test $ac_cv_header_stdc = yes; then
   # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
 cat > conftest.$ac_ext <<EOF
-#line 2893 "configure"
+#line 2900 "configure"
 #include "confdefs.h"
 #include <string.h>
 EOF
@@ -2907,7 +2914,7 @@ fi
 if test $ac_cv_header_stdc = yes; then
   # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
 cat > conftest.$ac_ext <<EOF
-#line 2911 "configure"
+#line 2918 "configure"
 #include "confdefs.h"
 #include <stdlib.h>
 EOF
@@ -2928,7 +2935,7 @@ if test "$cross_compiling" = yes; then
   :
 else
   cat > conftest.$ac_ext <<EOF
-#line 2932 "configure"
+#line 2939 "configure"
 #include "confdefs.h"
 #include <ctype.h>
 #define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
@@ -2939,7 +2946,7 @@ if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) exit(2);
 exit (0); }
 
 EOF
-if { (eval echo configure:2943: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:2950: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   :
 else
@@ -2979,6 +2986,7 @@ for ac_hdr in arpa/ftp.h			\
 	errno.h					\
 	fcntl.h					\
 	fnmatch.h				\
+	gdbm/ndbm.h				\
 	grp.h					\
 	inttypes.h				\
 	io.h					\
@@ -3061,17 +3069,17 @@ for ac_hdr in arpa/ftp.h			\
 do
 ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
 echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:3065: checking for $ac_hdr" >&5
+echo "configure:3073: checking for $ac_hdr" >&5
 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 3070 "configure"
+#line 3078 "configure"
 #include "confdefs.h"
 #include <$ac_hdr>
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:3075: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:3083: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   rm -rf conftest*
@@ -3099,12 +3107,12 @@ done
 
 
 echo $ac_n "checking whether time.h and sys/time.h may both be included""... $ac_c" 1>&6
-echo "configure:3103: checking whether time.h and sys/time.h may both be included" >&5
+echo "configure:3111: checking whether time.h and sys/time.h may both be included" >&5
 if eval "test \"`echo '$''{'ac_cv_header_time'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 3108 "configure"
+#line 3116 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <sys/time.h>
@@ -3113,7 +3121,7 @@ int main() {
 struct tm *tp;
 ; return 0; }
 EOF
-if { (eval echo configure:3117: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:3125: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ac_cv_header_time=yes
 else
@@ -3134,12 +3142,12 @@ EOF
 fi
 
 echo $ac_n "checking for sys_siglist declaration in signal.h or unistd.h""... $ac_c" 1>&6
-echo "configure:3138: checking for sys_siglist declaration in signal.h or unistd.h" >&5
+echo "configure:3146: checking for sys_siglist declaration in signal.h or unistd.h" >&5
 if eval "test \"`echo '$''{'ac_cv_decl_sys_siglist'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 3143 "configure"
+#line 3151 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <signal.h>
@@ -3151,7 +3159,7 @@ int main() {
 char *msg = *(sys_siglist + 1);
 ; return 0; }
 EOF
-if { (eval echo configure:3155: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:3163: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ac_cv_decl_sys_siglist=yes
 else
@@ -3177,17 +3185,17 @@ for ac_hdr in standards.h
 do
 ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
 echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:3181: checking for $ac_hdr" >&5
+echo "configure:3189: checking for $ac_hdr" >&5
 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 3186 "configure"
+#line 3194 "configure"
 #include "confdefs.h"
 #include <$ac_hdr>
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:3191: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:3199: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   rm -rf conftest*
@@ -3218,12 +3226,12 @@ for i in netinet/ip.h netinet/tcp.h; do
 cv=`echo "$i" | sed 'y%./+-%__p_%'`
 
 echo $ac_n "checking for $i""... $ac_c" 1>&6
-echo "configure:3222: checking for $i" >&5
+echo "configure:3230: checking for $i" >&5
 if eval "test \"`echo '$''{'ac_cv_header_$cv'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 3227 "configure"
+#line 3235 "configure"
 #include "confdefs.h"
 \
 #ifdef HAVE_STANDARDS_H
@@ -3233,7 +3241,7 @@ else
 
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:3237: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:3245: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   rm -rf conftest*
@@ -3277,13 +3285,13 @@ fi
 
 for i in int8_t int16_t int32_t int64_t; do
 	echo $ac_n "checking for $i""... $ac_c" 1>&6
-echo "configure:3281: checking for $i" >&5
+echo "configure:3289: checking for $i" >&5
 	
 if eval "test \"`echo '$''{'ac_cv_type_$i'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 3287 "configure"
+#line 3295 "configure"
 #include "confdefs.h"
 
 #ifdef HAVE_INTTYPES_H
@@ -3307,7 +3315,7 @@ $i x;
 
 ; return 0; }
 EOF
-if { (eval echo configure:3311: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:3319: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   eval ac_cv_type_$i=yes
 else
@@ -3333,13 +3341,13 @@ done
 
 for i in u_int8_t u_int16_t u_int32_t u_int64_t; do
 	echo $ac_n "checking for $i""... $ac_c" 1>&6
-echo "configure:3337: checking for $i" >&5
+echo "configure:3345: checking for $i" >&5
 	
 if eval "test \"`echo '$''{'ac_cv_type_$i'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 3343 "configure"
+#line 3351 "configure"
 #include "confdefs.h"
 
 #ifdef HAVE_INTTYPES_H
@@ -3363,7 +3371,7 @@ $i x;
 
 ; return 0; }
 EOF
-if { (eval echo configure:3367: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:3375: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   eval ac_cv_type_$i=yes
 else
@@ -3388,13 +3396,13 @@ done
 
 
 echo $ac_n "checking for strange sys/bitypes.h""... $ac_c" 1>&6
-echo "configure:3392: checking for strange sys/bitypes.h" >&5
+echo "configure:3400: checking for strange sys/bitypes.h" >&5
 if eval "test \"`echo '$''{'krb_cv_int8_t_ifdef'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 3398 "configure"
+#line 3406 "configure"
 #include "confdefs.h"
 
 #ifdef HAVE_SYS_TYPES_H
@@ -3412,7 +3420,7 @@ int8_t x;
 
 ; return 0; }
 EOF
-if { (eval echo configure:3416: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:3424: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   krb_cv_int8_t_ifdef=no
 else
@@ -3436,7 +3444,7 @@ fi
 
 
 echo $ac_n "checking for crypt""... $ac_c" 1>&6
-echo "configure:3440: checking for crypt" >&5
+echo "configure:3448: checking for crypt" >&5
 if eval "test \"`echo '$''{'ac_cv_funclib_crypt'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -3451,14 +3459,14 @@ if eval "test \"\$ac_cv_func_crypt\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat > conftest.$ac_ext <<EOF
-#line 3455 "configure"
+#line 3463 "configure"
 #include "confdefs.h"
 
 int main() {
 crypt()
 ; return 0; }
 EOF
-if { (eval echo configure:3462: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:3470: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_crypt=$ac_lib; else ac_cv_funclib_crypt=yes; fi";break
 else
@@ -3523,7 +3531,7 @@ esac
 
 
 echo $ac_n "checking for socket""... $ac_c" 1>&6
-echo "configure:3527: checking for socket" >&5
+echo "configure:3535: checking for socket" >&5
 if eval "test \"`echo '$''{'ac_cv_funclib_socket'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -3538,7 +3546,7 @@ if eval "test \"\$ac_cv_func_socket\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat > conftest.$ac_ext <<EOF
-#line 3542 "configure"
+#line 3550 "configure"
 #include "confdefs.h"
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
@@ -3550,7 +3558,7 @@ int main() {
 socket(0,0,0)
 ; return 0; }
 EOF
-if { (eval echo configure:3554: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:3562: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_socket=$ac_lib; else ac_cv_funclib_socket=yes; fi";break
 else
@@ -3618,7 +3626,7 @@ fi
 
 
 echo $ac_n "checking for gethostbyname""... $ac_c" 1>&6
-echo "configure:3622: checking for gethostbyname" >&5
+echo "configure:3630: checking for gethostbyname" >&5
 if eval "test \"`echo '$''{'ac_cv_funclib_gethostbyname'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -3633,7 +3641,7 @@ if eval "test \"\$ac_cv_func_gethostbyname\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat > conftest.$ac_ext <<EOF
-#line 3637 "configure"
+#line 3645 "configure"
 #include "confdefs.h"
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
@@ -3645,7 +3653,7 @@ int main() {
 gethostbyname("foo")
 ; return 0; }
 EOF
-if { (eval echo configure:3649: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:3657: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_gethostbyname=$ac_lib; else ac_cv_funclib_gethostbyname=yes; fi";break
 else
@@ -3715,7 +3723,7 @@ fi
 
 
 echo $ac_n "checking for odm_initialize""... $ac_c" 1>&6
-echo "configure:3719: checking for odm_initialize" >&5
+echo "configure:3727: checking for odm_initialize" >&5
 if eval "test \"`echo '$''{'ac_cv_funclib_odm_initialize'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -3730,14 +3738,14 @@ if eval "test \"\$ac_cv_func_odm_initialize\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat > conftest.$ac_ext <<EOF
-#line 3734 "configure"
+#line 3742 "configure"
 #include "confdefs.h"
 
 int main() {
 odm_initialize()
 ; return 0; }
 EOF
-if { (eval echo configure:3741: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:3749: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_odm_initialize=$ac_lib; else ac_cv_funclib_odm_initialize=yes; fi";break
 else
@@ -3805,7 +3813,7 @@ fi
 
 
 echo $ac_n "checking for getattr""... $ac_c" 1>&6
-echo "configure:3809: checking for getattr" >&5
+echo "configure:3817: checking for getattr" >&5
 if eval "test \"`echo '$''{'ac_cv_funclib_getattr'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -3820,14 +3828,14 @@ if eval "test \"\$ac_cv_func_getattr\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat > conftest.$ac_ext <<EOF
-#line 3824 "configure"
+#line 3832 "configure"
 #include "confdefs.h"
 
 int main() {
 getattr()
 ; return 0; }
 EOF
-if { (eval echo configure:3831: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:3839: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_getattr=$ac_lib; else ac_cv_funclib_getattr=yes; fi";break
 else
@@ -3895,7 +3903,7 @@ fi
 
 
 echo $ac_n "checking for setpcred""... $ac_c" 1>&6
-echo "configure:3899: checking for setpcred" >&5
+echo "configure:3907: checking for setpcred" >&5
 if eval "test \"`echo '$''{'ac_cv_funclib_setpcred'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -3910,14 +3918,14 @@ if eval "test \"\$ac_cv_func_setpcred\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat > conftest.$ac_ext <<EOF
-#line 3914 "configure"
+#line 3922 "configure"
 #include "confdefs.h"
 
 int main() {
 setpcred()
 ; return 0; }
 EOF
-if { (eval echo configure:3921: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:3929: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_setpcred=$ac_lib; else ac_cv_funclib_setpcred=yes; fi";break
 else
@@ -3985,7 +3993,7 @@ fi
 
 
 echo $ac_n "checking for logwtmp""... $ac_c" 1>&6
-echo "configure:3989: checking for logwtmp" >&5
+echo "configure:3997: checking for logwtmp" >&5
 if eval "test \"`echo '$''{'ac_cv_funclib_logwtmp'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -4000,14 +4008,14 @@ if eval "test \"\$ac_cv_func_logwtmp\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat > conftest.$ac_ext <<EOF
-#line 4004 "configure"
+#line 4012 "configure"
 #include "confdefs.h"
 
 int main() {
 logwtmp()
 ; return 0; }
 EOF
-if { (eval echo configure:4011: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:4019: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_logwtmp=$ac_lib; else ac_cv_funclib_logwtmp=yes; fi";break
 else
@@ -4076,7 +4084,7 @@ fi
 
 
 echo $ac_n "checking for logout""... $ac_c" 1>&6
-echo "configure:4080: checking for logout" >&5
+echo "configure:4088: checking for logout" >&5
 if eval "test \"`echo '$''{'ac_cv_funclib_logout'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -4091,14 +4099,14 @@ if eval "test \"\$ac_cv_func_logout\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat > conftest.$ac_ext <<EOF
-#line 4095 "configure"
+#line 4103 "configure"
 #include "confdefs.h"
 
 int main() {
 logout()
 ; return 0; }
 EOF
-if { (eval echo configure:4102: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:4110: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_logout=$ac_lib; else ac_cv_funclib_logout=yes; fi";break
 else
@@ -4165,7 +4173,7 @@ fi
 
 
 echo $ac_n "checking for tgetent""... $ac_c" 1>&6
-echo "configure:4169: checking for tgetent" >&5
+echo "configure:4177: checking for tgetent" >&5
 if eval "test \"`echo '$''{'ac_cv_funclib_tgetent'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -4180,14 +4188,14 @@ if eval "test \"\$ac_cv_func_tgetent\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat > conftest.$ac_ext <<EOF
-#line 4184 "configure"
+#line 4192 "configure"
 #include "confdefs.h"
 
 int main() {
 tgetent()
 ; return 0; }
 EOF
-if { (eval echo configure:4191: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:4199: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_tgetent=$ac_lib; else ac_cv_funclib_tgetent=yes; fi";break
 else
@@ -4252,7 +4260,7 @@ esac
 # Uses ac_ vars as temps to allow command line to override cache and checks.
 # --without-x overrides everything else, but does not touch the cache.
 echo $ac_n "checking for X""... $ac_c" 1>&6
-echo "configure:4256: checking for X" >&5
+echo "configure:4264: checking for X" >&5
 
 # Check whether --with-x or --without-x was given.
 if test "${with_x+set}" = set; then
@@ -4314,12 +4322,12 @@ if test "$ac_x_includes" = NO; then
 
   # First, try using that file with no special directory specified.
 cat > conftest.$ac_ext <<EOF
-#line 4318 "configure"
+#line 4326 "configure"
 #include "confdefs.h"
 #include <$x_direct_test_include>
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:4323: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:4331: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   rm -rf conftest*
@@ -4388,14 +4396,14 @@ if test "$ac_x_libraries" = NO; then
   ac_save_LIBS="$LIBS"
   LIBS="-l$x_direct_test_library $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 4392 "configure"
+#line 4400 "configure"
 #include "confdefs.h"
 
 int main() {
 ${x_direct_test_function}()
 ; return 0; }
 EOF
-if { (eval echo configure:4399: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:4407: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   LIBS="$ac_save_LIBS"
 # We can link X programs with no special library path.
@@ -4502,17 +4510,17 @@ else
     case "`(uname -sr) 2>/dev/null`" in
     "SunOS 5"*)
       echo $ac_n "checking whether -R must be followed by a space""... $ac_c" 1>&6
-echo "configure:4506: checking whether -R must be followed by a space" >&5
+echo "configure:4514: checking whether -R must be followed by a space" >&5
       ac_xsave_LIBS="$LIBS"; LIBS="$LIBS -R$x_libraries"
       cat > conftest.$ac_ext <<EOF
-#line 4509 "configure"
+#line 4517 "configure"
 #include "confdefs.h"
 
 int main() {
 
 ; return 0; }
 EOF
-if { (eval echo configure:4516: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:4524: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   ac_R_nospace=yes
 else
@@ -4528,14 +4536,14 @@ rm -f conftest*
       else
 	LIBS="$ac_xsave_LIBS -R $x_libraries"
 	cat > conftest.$ac_ext <<EOF
-#line 4532 "configure"
+#line 4540 "configure"
 #include "confdefs.h"
 
 int main() {
 
 ; return 0; }
 EOF
-if { (eval echo configure:4539: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:4547: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   ac_R_space=yes
 else
@@ -4567,7 +4575,7 @@ rm -f conftest*
     # libraries were built with DECnet support.  And karl@cs.umb.edu says
     # the Alpha needs dnet_stub (dnet does not exist).
     echo $ac_n "checking for dnet_ntoa in -ldnet""... $ac_c" 1>&6
-echo "configure:4571: checking for dnet_ntoa in -ldnet" >&5
+echo "configure:4579: checking for dnet_ntoa in -ldnet" >&5
 ac_lib_var=`echo dnet'_'dnet_ntoa | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -4575,7 +4583,7 @@ else
   ac_save_LIBS="$LIBS"
 LIBS="-ldnet  $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 4579 "configure"
+#line 4587 "configure"
 #include "confdefs.h"
 /* Override any gcc2 internal prototype to avoid an error.  */
 /* We use char because int might match the return type of a gcc2
@@ -4586,7 +4594,7 @@ int main() {
 dnet_ntoa()
 ; return 0; }
 EOF
-if { (eval echo configure:4590: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:4598: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_lib_$ac_lib_var=yes"
 else
@@ -4608,7 +4616,7 @@ fi
 
     if test $ac_cv_lib_dnet_dnet_ntoa = no; then
       echo $ac_n "checking for dnet_ntoa in -ldnet_stub""... $ac_c" 1>&6
-echo "configure:4612: checking for dnet_ntoa in -ldnet_stub" >&5
+echo "configure:4620: checking for dnet_ntoa in -ldnet_stub" >&5
 ac_lib_var=`echo dnet_stub'_'dnet_ntoa | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -4616,7 +4624,7 @@ else
   ac_save_LIBS="$LIBS"
 LIBS="-ldnet_stub  $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 4620 "configure"
+#line 4628 "configure"
 #include "confdefs.h"
 /* Override any gcc2 internal prototype to avoid an error.  */
 /* We use char because int might match the return type of a gcc2
@@ -4627,7 +4635,7 @@ int main() {
 dnet_ntoa()
 ; return 0; }
 EOF
-if { (eval echo configure:4631: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:4639: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_lib_$ac_lib_var=yes"
 else
@@ -4656,12 +4664,12 @@ fi
     # The nsl library prevents programs from opening the X display
     # on Irix 5.2, according to dickey@clark.net.
     echo $ac_n "checking for gethostbyname""... $ac_c" 1>&6
-echo "configure:4660: checking for gethostbyname" >&5
+echo "configure:4668: checking for gethostbyname" >&5
 if eval "test \"`echo '$''{'ac_cv_func_gethostbyname'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 4665 "configure"
+#line 4673 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char gethostbyname(); below.  */
@@ -4684,7 +4692,7 @@ gethostbyname();
 
 ; return 0; }
 EOF
-if { (eval echo configure:4688: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:4696: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_gethostbyname=yes"
 else
@@ -4705,7 +4713,7 @@ fi
 
     if test $ac_cv_func_gethostbyname = no; then
       echo $ac_n "checking for gethostbyname in -lnsl""... $ac_c" 1>&6
-echo "configure:4709: checking for gethostbyname in -lnsl" >&5
+echo "configure:4717: checking for gethostbyname in -lnsl" >&5
 ac_lib_var=`echo nsl'_'gethostbyname | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -4713,7 +4721,7 @@ else
   ac_save_LIBS="$LIBS"
 LIBS="-lnsl  $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 4717 "configure"
+#line 4725 "configure"
 #include "confdefs.h"
 /* Override any gcc2 internal prototype to avoid an error.  */
 /* We use char because int might match the return type of a gcc2
@@ -4724,7 +4732,7 @@ int main() {
 gethostbyname()
 ; return 0; }
 EOF
-if { (eval echo configure:4728: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:4736: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_lib_$ac_lib_var=yes"
 else
@@ -4754,12 +4762,12 @@ fi
     # -lsocket must be given before -lnsl if both are needed.
     # We assume that if connect needs -lnsl, so does gethostbyname.
     echo $ac_n "checking for connect""... $ac_c" 1>&6
-echo "configure:4758: checking for connect" >&5
+echo "configure:4766: checking for connect" >&5
 if eval "test \"`echo '$''{'ac_cv_func_connect'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 4763 "configure"
+#line 4771 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char connect(); below.  */
@@ -4782,7 +4790,7 @@ connect();
 
 ; return 0; }
 EOF
-if { (eval echo configure:4786: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:4794: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_connect=yes"
 else
@@ -4803,7 +4811,7 @@ fi
 
     if test $ac_cv_func_connect = no; then
       echo $ac_n "checking for connect in -lsocket""... $ac_c" 1>&6
-echo "configure:4807: checking for connect in -lsocket" >&5
+echo "configure:4815: checking for connect in -lsocket" >&5
 ac_lib_var=`echo socket'_'connect | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -4811,7 +4819,7 @@ else
   ac_save_LIBS="$LIBS"
 LIBS="-lsocket $X_EXTRA_LIBS $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 4815 "configure"
+#line 4823 "configure"
 #include "confdefs.h"
 /* Override any gcc2 internal prototype to avoid an error.  */
 /* We use char because int might match the return type of a gcc2
@@ -4822,7 +4830,7 @@ int main() {
 connect()
 ; return 0; }
 EOF
-if { (eval echo configure:4826: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:4834: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_lib_$ac_lib_var=yes"
 else
@@ -4846,12 +4854,12 @@ fi
 
     # gomez@mi.uni-erlangen.de says -lposix is necessary on A/UX.
     echo $ac_n "checking for remove""... $ac_c" 1>&6
-echo "configure:4850: checking for remove" >&5
+echo "configure:4858: checking for remove" >&5
 if eval "test \"`echo '$''{'ac_cv_func_remove'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 4855 "configure"
+#line 4863 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char remove(); below.  */
@@ -4874,7 +4882,7 @@ remove();
 
 ; return 0; }
 EOF
-if { (eval echo configure:4878: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:4886: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_remove=yes"
 else
@@ -4895,7 +4903,7 @@ fi
 
     if test $ac_cv_func_remove = no; then
       echo $ac_n "checking for remove in -lposix""... $ac_c" 1>&6
-echo "configure:4899: checking for remove in -lposix" >&5
+echo "configure:4907: checking for remove in -lposix" >&5
 ac_lib_var=`echo posix'_'remove | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -4903,7 +4911,7 @@ else
   ac_save_LIBS="$LIBS"
 LIBS="-lposix  $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 4907 "configure"
+#line 4915 "configure"
 #include "confdefs.h"
 /* Override any gcc2 internal prototype to avoid an error.  */
 /* We use char because int might match the return type of a gcc2
@@ -4914,7 +4922,7 @@ int main() {
 remove()
 ; return 0; }
 EOF
-if { (eval echo configure:4918: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:4926: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_lib_$ac_lib_var=yes"
 else
@@ -4938,12 +4946,12 @@ fi
 
     # BSDI BSD/OS 2.1 needs -lipc for XOpenDisplay.
     echo $ac_n "checking for shmat""... $ac_c" 1>&6
-echo "configure:4942: checking for shmat" >&5
+echo "configure:4950: checking for shmat" >&5
 if eval "test \"`echo '$''{'ac_cv_func_shmat'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 4947 "configure"
+#line 4955 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char shmat(); below.  */
@@ -4966,7 +4974,7 @@ shmat();
 
 ; return 0; }
 EOF
-if { (eval echo configure:4970: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:4978: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_shmat=yes"
 else
@@ -4987,7 +4995,7 @@ fi
 
     if test $ac_cv_func_shmat = no; then
       echo $ac_n "checking for shmat in -lipc""... $ac_c" 1>&6
-echo "configure:4991: checking for shmat in -lipc" >&5
+echo "configure:4999: checking for shmat in -lipc" >&5
 ac_lib_var=`echo ipc'_'shmat | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -4995,7 +5003,7 @@ else
   ac_save_LIBS="$LIBS"
 LIBS="-lipc  $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 4999 "configure"
+#line 5007 "configure"
 #include "confdefs.h"
 /* Override any gcc2 internal prototype to avoid an error.  */
 /* We use char because int might match the return type of a gcc2
@@ -5006,7 +5014,7 @@ int main() {
 shmat()
 ; return 0; }
 EOF
-if { (eval echo configure:5010: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:5018: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_lib_$ac_lib_var=yes"
 else
@@ -5039,7 +5047,7 @@ fi
   # libraries we check for below, so use a different variable.
   #  --interran@uluru.Stanford.EDU, kb@cs.umb.edu.
   echo $ac_n "checking for IceConnectionNumber in -lICE""... $ac_c" 1>&6
-echo "configure:5043: checking for IceConnectionNumber in -lICE" >&5
+echo "configure:5051: checking for IceConnectionNumber in -lICE" >&5
 ac_lib_var=`echo ICE'_'IceConnectionNumber | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -5047,7 +5055,7 @@ else
   ac_save_LIBS="$LIBS"
 LIBS="-lICE $X_EXTRA_LIBS $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 5051 "configure"
+#line 5059 "configure"
 #include "confdefs.h"
 /* Override any gcc2 internal prototype to avoid an error.  */
 /* We use char because int might match the return type of a gcc2
@@ -5058,7 +5066,7 @@ int main() {
 IceConnectionNumber()
 ; return 0; }
 EOF
-if { (eval echo configure:5062: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:5070: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_lib_$ac_lib_var=yes"
 else
@@ -5087,7 +5095,7 @@ fi
 # and yes, the autoconf X test is utterly broken
 if test "$no_x" != yes; then
 	echo $ac_n "checking for special X linker flags""... $ac_c" 1>&6
-echo "configure:5091: checking for special X linker flags" >&5
+echo "configure:5099: checking for special X linker flags" >&5
 if eval "test \"`echo '$''{'krb_cv_sys_x_libs_rpath'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -5118,7 +5126,7 @@ else
     { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; }
 else
   cat > conftest.$ac_ext <<EOF
-#line 5122 "configure"
+#line 5130 "configure"
 #include "confdefs.h"
 
 		#include <X11/Xlib.h>
@@ -5132,7 +5140,7 @@ else
 		}
 		
 EOF
-if { (eval echo configure:5136: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:5144: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   krb_cv_sys_x_libs_rpath="$rflag"; krb_cv_sys_x_libs="$foo"; break
 else
@@ -5156,9 +5164,11 @@ fi
 
 if test "$no_x" = "yes" ; then
 	MAKE_X_PROGS_BIN=""
+	MAKE_X_SCRIPTS_BIN=""
 	MAKE_X_PROGS_LIBEXEC=""
 else
 	MAKE_X_PROGS_BIN='$(X_PROGS_BIN)'
+	MAKE_X_SCRIPTS_BIN='$(X_SCRIPTS_BIN)'
 	MAKE_X_PROGS_LIBEXEC='$(X_PROGS_LIBEXEC)'
 fi
 
@@ -5175,7 +5185,7 @@ LDFLAGS="$LDFLAGS $X_LIBS"
 
 
 echo $ac_n "checking for XauWriteAuth""... $ac_c" 1>&6
-echo "configure:5179: checking for XauWriteAuth" >&5
+echo "configure:5189: checking for XauWriteAuth" >&5
 if eval "test \"`echo '$''{'ac_cv_funclib_XauWriteAuth'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -5190,14 +5200,14 @@ if eval "test \"\$ac_cv_func_XauWriteAuth\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat > conftest.$ac_ext <<EOF
-#line 5194 "configure"
+#line 5204 "configure"
 #include "confdefs.h"
 
 int main() {
 XauWriteAuth()
 ; return 0; }
 EOF
-if { (eval echo configure:5201: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:5211: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_XauWriteAuth=$ac_lib; else ac_cv_funclib_XauWriteAuth=yes; fi";break
 else
@@ -5262,7 +5272,7 @@ LIBS="$LIB_XauWriteAuth $LIBS"
 
 
 echo $ac_n "checking for XauReadAuth""... $ac_c" 1>&6
-echo "configure:5266: checking for XauReadAuth" >&5
+echo "configure:5276: checking for XauReadAuth" >&5
 if eval "test \"`echo '$''{'ac_cv_funclib_XauReadAuth'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -5277,14 +5287,14 @@ if eval "test \"\$ac_cv_func_XauReadAuth\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat > conftest.$ac_ext <<EOF
-#line 5281 "configure"
+#line 5291 "configure"
 #include "confdefs.h"
 
 int main() {
 XauReadAuth()
 ; return 0; }
 EOF
-if { (eval echo configure:5288: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:5298: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_XauReadAuth=$ac_lib; else ac_cv_funclib_XauReadAuth=yes; fi";break
 else
@@ -5348,7 +5358,7 @@ LIBS="$LIB_XauReadAauth $LIBS"
 
 
 echo $ac_n "checking for XauFileName""... $ac_c" 1>&6
-echo "configure:5352: checking for XauFileName" >&5
+echo "configure:5362: checking for XauFileName" >&5
 if eval "test \"`echo '$''{'ac_cv_funclib_XauFileName'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -5363,14 +5373,14 @@ if eval "test \"\$ac_cv_func_XauFileName\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat > conftest.$ac_ext <<EOF
-#line 5367 "configure"
+#line 5377 "configure"
 #include "confdefs.h"
 
 int main() {
 XauFileName()
 ; return 0; }
 EOF
-if { (eval echo configure:5374: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:5384: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_XauFileName=$ac_lib; else ac_cv_funclib_XauFileName=yes; fi";break
 else
@@ -5493,7 +5503,7 @@ for i in "" $berkeley_db gdbm ndbm; do
 	fi	
 
 	echo $ac_n "checking for dbm_open in $m""... $ac_c" 1>&6
-echo "configure:5497: checking for dbm_open in $m" >&5
+echo "configure:5507: checking for dbm_open in $m" >&5
 	if eval "test \"`echo '$''{'ac_cv_krb_dbm_open_$m'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -5505,13 +5515,15 @@ else
   ac_res=no
 else
   cat > conftest.$ac_ext <<EOF
-#line 5509 "configure"
+#line 5519 "configure"
 #include "confdefs.h"
 
 #include <unistd.h>
 #include <fcntl.h>
 #if defined(HAVE_NDBM_H)
 #include <ndbm.h>
+#elif defined(HAVE_GDBM_NDBM_H)
+#include <gdbm/ndbm.h>
 #elif defined(HAVE_DBM_H)
 #include <dbm.h>
 #elif defined(HAVE_RPCSVC_DBM_H)
@@ -5531,7 +5543,7 @@ int main()
   return 0;
 }
 EOF
-if { (eval echo configure:5535: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:5547: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   
 	if test -f conftest.db; then
@@ -5566,7 +5578,7 @@ fi
 done
 
 echo $ac_n "checking for NDBM library""... $ac_c" 1>&6
-echo "configure:5570: checking for NDBM library" >&5
+echo "configure:5582: checking for NDBM library" >&5
 ac_ndbm=no
 if test "$lib_db" != no; then
 	LIB_DBM="$lib_db"
@@ -5607,7 +5619,7 @@ echo "$ac_t""$ac_res" 1>&6
 
 
 echo $ac_n "checking for syslog""... $ac_c" 1>&6
-echo "configure:5611: checking for syslog" >&5
+echo "configure:5623: checking for syslog" >&5
 if eval "test \"`echo '$''{'ac_cv_funclib_syslog'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -5622,14 +5634,14 @@ if eval "test \"\$ac_cv_func_syslog\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat > conftest.$ac_ext <<EOF
-#line 5626 "configure"
+#line 5638 "configure"
 #include "confdefs.h"
 
 int main() {
 syslog()
 ; return 0; }
 EOF
-if { (eval echo configure:5633: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:5645: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_syslog=$ac_lib; else ac_cv_funclib_syslog=yes; fi";break
 else
@@ -5695,7 +5707,7 @@ fi
 
 
 echo $ac_n "checking for working snprintf""... $ac_c" 1>&6
-echo "configure:5699: checking for working snprintf" >&5
+echo "configure:5711: checking for working snprintf" >&5
 if eval "test \"`echo '$''{'ac_cv_func_snprintf_working'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -5704,7 +5716,7 @@ if test "$cross_compiling" = yes; then
   :
 else
   cat > conftest.$ac_ext <<EOF
-#line 5708 "configure"
+#line 5720 "configure"
 #include "confdefs.h"
 
 #include <stdio.h>
@@ -5716,7 +5728,7 @@ int main()
 	return strcmp(foo, "1");
 }
 EOF
-if { (eval echo configure:5720: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:5732: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   :
 else
@@ -5742,12 +5754,12 @@ if test "$ac_cv_func_snprintf_working" = yes; then
 
 if test "$ac_cv_func_snprintf+set" != set -o "$ac_cv_func_snprintf" = yes; then
 echo $ac_n "checking if snprintf needs a prototype""... $ac_c" 1>&6
-echo "configure:5746: checking if snprintf needs a prototype" >&5
+echo "configure:5758: checking if snprintf needs a prototype" >&5
 if eval "test \"`echo '$''{'ac_cv_func_snprintf_noproto'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 5751 "configure"
+#line 5763 "configure"
 #include "confdefs.h"
 #include <stdio.h>
 int main() {
@@ -5757,7 +5769,7 @@ snprintf(&xx);
 
 ; return 0; }
 EOF
-if { (eval echo configure:5761: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:5773: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   eval "ac_cv_func_snprintf_noproto=yes"
 else
@@ -5784,13 +5796,13 @@ fi
 
 
 echo $ac_n "checking for working glob""... $ac_c" 1>&6
-echo "configure:5788: checking for working glob" >&5
+echo "configure:5800: checking for working glob" >&5
 if eval "test \"`echo '$''{'ac_cv_func_glob_working'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   ac_cv_func_glob_working=yes
 cat > conftest.$ac_ext <<EOF
-#line 5794 "configure"
+#line 5806 "configure"
 #include "confdefs.h"
 
 #include <stdio.h>
@@ -5801,7 +5813,7 @@ glob(NULL, GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE, NULL, NULL);
 
 ; return 0; }
 EOF
-if { (eval echo configure:5805: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:5817: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   :
 else
@@ -5825,12 +5837,12 @@ if test "$ac_cv_func_glob_working" = yes; then
 
 if test "$ac_cv_func_glob+set" != set -o "$ac_cv_func_glob" = yes; then
 echo $ac_n "checking if glob needs a prototype""... $ac_c" 1>&6
-echo "configure:5829: checking if glob needs a prototype" >&5
+echo "configure:5841: checking if glob needs a prototype" >&5
 if eval "test \"`echo '$''{'ac_cv_func_glob_noproto'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 5834 "configure"
+#line 5846 "configure"
 #include "confdefs.h"
 #include <stdio.h>
 #include <glob.h>
@@ -5841,7 +5853,7 @@ glob(&xx);
 
 ; return 0; }
 EOF
-if { (eval echo configure:5845: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:5857: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   eval "ac_cv_func_glob_noproto=yes"
 else
@@ -5928,12 +5940,12 @@ for ac_func in 				\
 	
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:5932: checking for $ac_func" >&5
+echo "configure:5944: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 5937 "configure"
+#line 5949 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -5956,7 +5968,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:5960: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:5972: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -5987,17 +5999,17 @@ for ac_hdr in capability.h sys/capability.h
 do
 ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
 echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:5991: checking for $ac_hdr" >&5
+echo "configure:6003: checking for $ac_hdr" >&5
 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 5996 "configure"
+#line 6008 "configure"
 #include "confdefs.h"
 #include <$ac_hdr>
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:6001: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:6013: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   rm -rf conftest*
@@ -6027,12 +6039,12 @@ done
 for ac_func in sgi_getcapabilitybyname cap_set_proc
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:6031: checking for $ac_func" >&5
+echo "configure:6043: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 6036 "configure"
+#line 6048 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -6055,7 +6067,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:6059: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:6071: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -6086,7 +6098,7 @@ done
 
 
 echo $ac_n "checking for getpwnam_r""... $ac_c" 1>&6
-echo "configure:6090: checking for getpwnam_r" >&5
+echo "configure:6102: checking for getpwnam_r" >&5
 if eval "test \"`echo '$''{'ac_cv_funclib_getpwnam_r'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -6101,14 +6113,14 @@ if eval "test \"\$ac_cv_func_getpwnam_r\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat > conftest.$ac_ext <<EOF
-#line 6105 "configure"
+#line 6117 "configure"
 #include "confdefs.h"
 
 int main() {
 getpwnam_r()
 ; return 0; }
 EOF
-if { (eval echo configure:6112: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:6124: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_getpwnam_r=$ac_lib; else ac_cv_funclib_getpwnam_r=yes; fi";break
 else
@@ -6169,7 +6181,7 @@ esac
 
 if test "$ac_cv_func_getpwnam_r" = yes; then
 	echo $ac_n "checking if getpwnam_r is posix""... $ac_c" 1>&6
-echo "configure:6173: checking if getpwnam_r is posix" >&5
+echo "configure:6185: checking if getpwnam_r is posix" >&5
 if eval "test \"`echo '$''{'ac_cv_func_getpwnam_r_posix'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -6179,7 +6191,7 @@ else
   :
 else
   cat > conftest.$ac_ext <<EOF
-#line 6183 "configure"
+#line 6195 "configure"
 #include "confdefs.h"
 
 #include <pwd.h>
@@ -6190,7 +6202,7 @@ int main()
 }
 
 EOF
-if { (eval echo configure:6194: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:6206: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   ac_cv_func_getpwnam_r_posix=yes
 else
@@ -6219,7 +6231,7 @@ fi
 
 
 echo $ac_n "checking for getsockopt""... $ac_c" 1>&6
-echo "configure:6223: checking for getsockopt" >&5
+echo "configure:6235: checking for getsockopt" >&5
 if eval "test \"`echo '$''{'ac_cv_funclib_getsockopt'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -6234,7 +6246,7 @@ if eval "test \"\$ac_cv_func_getsockopt\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat > conftest.$ac_ext <<EOF
-#line 6238 "configure"
+#line 6250 "configure"
 #include "confdefs.h"
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
@@ -6246,7 +6258,7 @@ int main() {
 getsockopt(0,0,0,0,0)
 ; return 0; }
 EOF
-if { (eval echo configure:6250: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:6262: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_getsockopt=$ac_lib; else ac_cv_funclib_getsockopt=yes; fi";break
 else
@@ -6309,7 +6321,7 @@ esac
 
 
 echo $ac_n "checking for setsockopt""... $ac_c" 1>&6
-echo "configure:6313: checking for setsockopt" >&5
+echo "configure:6325: checking for setsockopt" >&5
 if eval "test \"`echo '$''{'ac_cv_funclib_setsockopt'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -6324,7 +6336,7 @@ if eval "test \"\$ac_cv_func_setsockopt\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat > conftest.$ac_ext <<EOF
-#line 6328 "configure"
+#line 6340 "configure"
 #include "confdefs.h"
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
@@ -6336,7 +6348,7 @@ int main() {
 setsockopt(0,0,0,0,0)
 ; return 0; }
 EOF
-if { (eval echo configure:6340: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:6352: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_setsockopt=$ac_lib; else ac_cv_funclib_setsockopt=yes; fi";break
 else
@@ -6399,12 +6411,12 @@ esac
 for ac_func in getudbnam setlim
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:6403: checking for $ac_func" >&5
+echo "configure:6415: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 6408 "configure"
+#line 6420 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -6427,7 +6439,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:6431: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:6443: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -6457,7 +6469,7 @@ done
 
 
 echo $ac_n "checking for res_search""... $ac_c" 1>&6
-echo "configure:6461: checking for res_search" >&5
+echo "configure:6473: checking for res_search" >&5
 if eval "test \"`echo '$''{'ac_cv_funclib_res_search'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -6472,7 +6484,7 @@ if eval "test \"\$ac_cv_func_res_search\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat > conftest.$ac_ext <<EOF
-#line 6476 "configure"
+#line 6488 "configure"
 #include "confdefs.h"
 
 #include <stdio.h>
@@ -6493,7 +6505,7 @@ int main() {
 res_search(0,0,0,0,0)
 ; return 0; }
 EOF
-if { (eval echo configure:6497: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:6509: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_res_search=$ac_lib; else ac_cv_funclib_res_search=yes; fi";break
 else
@@ -6562,7 +6574,7 @@ fi
 
 
 echo $ac_n "checking for dn_expand""... $ac_c" 1>&6
-echo "configure:6566: checking for dn_expand" >&5
+echo "configure:6578: checking for dn_expand" >&5
 if eval "test \"`echo '$''{'ac_cv_funclib_dn_expand'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -6577,7 +6589,7 @@ if eval "test \"\$ac_cv_func_dn_expand\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat > conftest.$ac_ext <<EOF
-#line 6581 "configure"
+#line 6593 "configure"
 #include "confdefs.h"
 
 #include <stdio.h>
@@ -6598,7 +6610,7 @@ int main() {
 dn_expand(0,0,0,0,0)
 ; return 0; }
 EOF
-if { (eval echo configure:6602: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:6614: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_dn_expand=$ac_lib; else ac_cv_funclib_dn_expand=yes; fi";break
 else
@@ -6667,17 +6679,17 @@ for ac_hdr in unistd.h
 do
 ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
 echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:6671: checking for $ac_hdr" >&5
+echo "configure:6683: checking for $ac_hdr" >&5
 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 6676 "configure"
+#line 6688 "configure"
 #include "confdefs.h"
 #include <$ac_hdr>
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:6681: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:6693: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   rm -rf conftest*
@@ -6706,12 +6718,12 @@ done
 for ac_func in getpagesize
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:6710: checking for $ac_func" >&5
+echo "configure:6722: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 6715 "configure"
+#line 6727 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -6734,7 +6746,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:6738: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:6750: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -6759,7 +6771,7 @@ fi
 done
 
 echo $ac_n "checking for working mmap""... $ac_c" 1>&6
-echo "configure:6763: checking for working mmap" >&5
+echo "configure:6775: checking for working mmap" >&5
 if eval "test \"`echo '$''{'ac_cv_func_mmap_fixed_mapped'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -6767,7 +6779,7 @@ else
   ac_cv_func_mmap_fixed_mapped=no
 else
   cat > conftest.$ac_ext <<EOF
-#line 6771 "configure"
+#line 6783 "configure"
 #include "confdefs.h"
 
 /* Thanks to Mike Haertel and Jim Avera for this test.
@@ -6907,7 +6919,7 @@ main()
 }
 
 EOF
-if { (eval echo configure:6911: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:6923: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   ac_cv_func_mmap_fixed_mapped=yes
 else
@@ -6932,19 +6944,19 @@ fi
 # The Ultrix 4.2 mips builtin alloca declared by alloca.h only works
 # for constant arguments.  Useless!
 echo $ac_n "checking for working alloca.h""... $ac_c" 1>&6
-echo "configure:6936: checking for working alloca.h" >&5
+echo "configure:6948: checking for working alloca.h" >&5
 if eval "test \"`echo '$''{'ac_cv_header_alloca_h'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 6941 "configure"
+#line 6953 "configure"
 #include "confdefs.h"
 #include <alloca.h>
 int main() {
 char *p = alloca(2 * sizeof(int));
 ; return 0; }
 EOF
-if { (eval echo configure:6948: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:6960: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   ac_cv_header_alloca_h=yes
 else
@@ -6965,12 +6977,12 @@ EOF
 fi
 
 echo $ac_n "checking for alloca""... $ac_c" 1>&6
-echo "configure:6969: checking for alloca" >&5
+echo "configure:6981: checking for alloca" >&5
 if eval "test \"`echo '$''{'ac_cv_func_alloca_works'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 6974 "configure"
+#line 6986 "configure"
 #include "confdefs.h"
 
 #ifdef __GNUC__
@@ -6998,7 +7010,7 @@ int main() {
 char *p = (char *) alloca(1);
 ; return 0; }
 EOF
-if { (eval echo configure:7002: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:7014: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   ac_cv_func_alloca_works=yes
 else
@@ -7030,12 +7042,12 @@ EOF
 
 
 echo $ac_n "checking whether alloca needs Cray hooks""... $ac_c" 1>&6
-echo "configure:7034: checking whether alloca needs Cray hooks" >&5
+echo "configure:7046: checking whether alloca needs Cray hooks" >&5
 if eval "test \"`echo '$''{'ac_cv_os_cray'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 7039 "configure"
+#line 7051 "configure"
 #include "confdefs.h"
 #if defined(CRAY) && ! defined(CRAY2)
 webecray
@@ -7060,12 +7072,12 @@ echo "$ac_t""$ac_cv_os_cray" 1>&6
 if test $ac_cv_os_cray = yes; then
 for ac_func in _getb67 GETB67 getb67; do
   echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:7064: checking for $ac_func" >&5
+echo "configure:7076: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 7069 "configure"
+#line 7081 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -7088,7 +7100,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:7092: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:7104: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -7115,7 +7127,7 @@ done
 fi
 
 echo $ac_n "checking stack direction for C alloca""... $ac_c" 1>&6
-echo "configure:7119: checking stack direction for C alloca" >&5
+echo "configure:7131: checking stack direction for C alloca" >&5
 if eval "test \"`echo '$''{'ac_cv_c_stack_direction'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -7123,7 +7135,7 @@ else
   ac_cv_c_stack_direction=0
 else
   cat > conftest.$ac_ext <<EOF
-#line 7127 "configure"
+#line 7139 "configure"
 #include "confdefs.h"
 find_stack_direction ()
 {
@@ -7142,7 +7154,7 @@ main ()
   exit (find_stack_direction() < 0);
 }
 EOF
-if { (eval echo configure:7146: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:7158: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   ac_cv_c_stack_direction=1
 else
@@ -7168,12 +7180,12 @@ fi
 for ac_func in getlogin setlogin
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:7172: checking for $ac_func" >&5
+echo "configure:7184: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 7177 "configure"
+#line 7189 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -7196,7 +7208,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:7200: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:7212: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -7222,7 +7234,7 @@ done
 
 if test "$ac_cv_func_getlogin" = yes; then
 echo $ac_n "checking if getlogin is posix""... $ac_c" 1>&6
-echo "configure:7226: checking if getlogin is posix" >&5
+echo "configure:7238: checking if getlogin is posix" >&5
 if eval "test \"`echo '$''{'ac_cv_func_getlogin_posix'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -7250,7 +7262,7 @@ fi
 
 
 echo $ac_n "checking for hstrerror""... $ac_c" 1>&6
-echo "configure:7254: checking for hstrerror" >&5
+echo "configure:7266: checking for hstrerror" >&5
 if eval "test \"`echo '$''{'ac_cv_funclib_hstrerror'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -7265,7 +7277,7 @@ if eval "test \"\$ac_cv_func_hstrerror\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat > conftest.$ac_ext <<EOF
-#line 7269 "configure"
+#line 7281 "configure"
 #include "confdefs.h"
 #ifdef HAVE_NETDB_H
 #include <netdb.h>
@@ -7274,7 +7286,7 @@ int main() {
 hstrerror(17)
 ; return 0; }
 EOF
-if { (eval echo configure:7278: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:7290: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_hstrerror=$ac_lib; else ac_cv_funclib_hstrerror=yes; fi";break
 else
@@ -7345,12 +7357,12 @@ if test "$ac_cv_func_hstrerror" = yes; then
 
 if test "$ac_cv_func_hstrerror+set" != set -o "$ac_cv_func_hstrerror" = yes; then
 echo $ac_n "checking if hstrerror needs a prototype""... $ac_c" 1>&6
-echo "configure:7349: checking if hstrerror needs a prototype" >&5
+echo "configure:7361: checking if hstrerror needs a prototype" >&5
 if eval "test \"`echo '$''{'ac_cv_func_hstrerror_noproto'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 7354 "configure"
+#line 7366 "configure"
 #include "confdefs.h"
 
 #ifdef HAVE_NETDB_H
@@ -7363,7 +7375,7 @@ hstrerror(&xx);
 
 ; return 0; }
 EOF
-if { (eval echo configure:7367: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:7379: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   eval "ac_cv_func_hstrerror_noproto=yes"
 else
@@ -7391,12 +7403,12 @@ fi
 for ac_func in chown copyhostent daemon err errx fchown flock fnmatch freehostent
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:7395: checking for $ac_func" >&5
+echo "configure:7407: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 7400 "configure"
+#line 7412 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -7419,7 +7431,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:7423: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:7435: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -7452,12 +7464,12 @@ done
 for ac_func in getcwd getdtablesize gethostname getipnodebyaddr getipnodebyname
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:7456: checking for $ac_func" >&5
+echo "configure:7468: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 7461 "configure"
+#line 7473 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -7480,7 +7492,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:7484: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:7496: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -7513,12 +7525,12 @@ done
 for ac_func in geteuid getgid getegid
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:7517: checking for $ac_func" >&5
+echo "configure:7529: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 7522 "configure"
+#line 7534 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -7541,7 +7553,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:7545: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:7557: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -7574,12 +7586,12 @@ done
 for ac_func in getopt getusershell
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:7578: checking for $ac_func" >&5
+echo "configure:7590: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 7583 "configure"
+#line 7595 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -7602,7 +7614,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:7606: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:7618: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -7635,12 +7647,12 @@ done
 for ac_func in inet_aton inet_ntop inet_pton initgroups innetgr iruserok lstat
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:7639: checking for $ac_func" >&5
+echo "configure:7651: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 7644 "configure"
+#line 7656 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -7663,7 +7675,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:7667: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:7679: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -7696,12 +7708,12 @@ done
 for ac_func in memmove
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:7700: checking for $ac_func" >&5
+echo "configure:7712: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 7705 "configure"
+#line 7717 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -7724,7 +7736,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:7728: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:7740: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -7757,12 +7769,12 @@ done
 for ac_func in mkstemp putenv rcmd readv recvmsg sendmsg setegid setenv seteuid
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:7761: checking for $ac_func" >&5
+echo "configure:7773: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 7766 "configure"
+#line 7778 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -7785,7 +7797,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:7789: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:7801: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -7818,12 +7830,12 @@ done
 for ac_func in strcasecmp strncasecmp strdup strerror strftime
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:7822: checking for $ac_func" >&5
+echo "configure:7834: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 7827 "configure"
+#line 7839 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -7846,7 +7858,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:7850: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:7862: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -7879,12 +7891,12 @@ done
 for ac_func in strlcat strlcpy strlwr
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:7883: checking for $ac_func" >&5
+echo "configure:7895: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 7888 "configure"
+#line 7900 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -7907,7 +7919,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:7911: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:7923: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -7940,12 +7952,12 @@ done
 for ac_func in strndup strnlen strptime strsep strtok_r strupr
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:7944: checking for $ac_func" >&5
+echo "configure:7956: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 7949 "configure"
+#line 7961 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -7968,7 +7980,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:7972: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:7984: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -8001,12 +8013,12 @@ done
 for ac_func in swab unsetenv verr verrx vsyslog
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:8005: checking for $ac_func" >&5
+echo "configure:8017: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 8010 "configure"
+#line 8022 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -8029,7 +8041,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:8033: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:8045: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -8062,12 +8074,12 @@ done
 for ac_func in vwarn vwarnx warn warnx writev
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:8066: checking for $ac_func" >&5
+echo "configure:8078: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 8071 "configure"
+#line 8083 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -8090,7 +8102,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:8094: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:8106: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -8125,12 +8137,12 @@ if test "$ac_cv_func_gethostname" = "yes"; then
 
 if test "$ac_cv_func_gethostname+set" != set -o "$ac_cv_func_gethostname" = yes; then
 echo $ac_n "checking if gethostname needs a prototype""... $ac_c" 1>&6
-echo "configure:8129: checking if gethostname needs a prototype" >&5
+echo "configure:8141: checking if gethostname needs a prototype" >&5
 if eval "test \"`echo '$''{'ac_cv_func_gethostname_noproto'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 8134 "configure"
+#line 8146 "configure"
 #include "confdefs.h"
 
 #include <unistd.h>
@@ -8141,7 +8153,7 @@ gethostname(&xx);
 
 ; return 0; }
 EOF
-if { (eval echo configure:8145: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:8157: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   eval "ac_cv_func_gethostname_noproto=yes"
 else
@@ -8170,12 +8182,12 @@ if test "$ac_cv_func_mkstemp" = "yes"; then
 
 if test "$ac_cv_func_mkstemp+set" != set -o "$ac_cv_func_mkstemp" = yes; then
 echo $ac_n "checking if mkstemp needs a prototype""... $ac_c" 1>&6
-echo "configure:8174: checking if mkstemp needs a prototype" >&5
+echo "configure:8186: checking if mkstemp needs a prototype" >&5
 if eval "test \"`echo '$''{'ac_cv_func_mkstemp_noproto'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 8179 "configure"
+#line 8191 "configure"
 #include "confdefs.h"
 
 #include <unistd.h>
@@ -8186,7 +8198,7 @@ mkstemp(&xx);
 
 ; return 0; }
 EOF
-if { (eval echo configure:8190: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:8202: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   eval "ac_cv_func_mkstemp_noproto=yes"
 else
@@ -8215,12 +8227,12 @@ if test "$ac_cv_func_inet_aton" = "yes"; then
 
 if test "$ac_cv_func_inet_aton+set" != set -o "$ac_cv_func_inet_aton" = yes; then
 echo $ac_n "checking if inet_aton needs a prototype""... $ac_c" 1>&6
-echo "configure:8219: checking if inet_aton needs a prototype" >&5
+echo "configure:8231: checking if inet_aton needs a prototype" >&5
 if eval "test \"`echo '$''{'ac_cv_func_inet_aton_noproto'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 8224 "configure"
+#line 8236 "configure"
 #include "confdefs.h"
 
 #ifdef HAVE_SYS_TYPES_H
@@ -8242,7 +8254,7 @@ inet_aton(&xx);
 
 ; return 0; }
 EOF
-if { (eval echo configure:8246: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:8258: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   eval "ac_cv_func_inet_aton_noproto=yes"
 else
@@ -8268,7 +8280,7 @@ fi
 fi
 
 echo $ac_n "checking if realloc is broken""... $ac_c" 1>&6
-echo "configure:8272: checking if realloc is broken" >&5
+echo "configure:8284: checking if realloc is broken" >&5
 if eval "test \"`echo '$''{'ac_cv_func_realloc_broken'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -8278,7 +8290,7 @@ if test "$cross_compiling" = yes; then
   :
 else
   cat > conftest.$ac_ext <<EOF
-#line 8282 "configure"
+#line 8294 "configure"
 #include "confdefs.h"
 
 #include <stddef.h>
@@ -8290,7 +8302,7 @@ int main()
 }
 
 EOF
-if { (eval echo configure:8294: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:8306: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   :
 else
@@ -8316,7 +8328,7 @@ fi
 
 if test "$ac_cv_func_getcwd" = yes; then
 echo $ac_n "checking if getcwd is broken""... $ac_c" 1>&6
-echo "configure:8320: checking if getcwd is broken" >&5
+echo "configure:8332: checking if getcwd is broken" >&5
 if eval "test \"`echo '$''{'ac_cv_func_getcwd_broken'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -8327,7 +8339,7 @@ if test "$cross_compiling" = yes; then
   :
 else
   cat > conftest.$ac_ext <<EOF
-#line 8331 "configure"
+#line 8343 "configure"
 #include "confdefs.h"
 
 #include <errno.h>
@@ -8349,7 +8361,7 @@ int main()
 }
 
 EOF
-if { (eval echo configure:8353: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:8365: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   ac_cv_func_getcwd_broken=yes
 else
@@ -8378,7 +8390,7 @@ fi
 
 
 echo $ac_n "checking which authentication modules should be built""... $ac_c" 1>&6
-echo "configure:8382: checking which authentication modules should be built" >&5
+echo "configure:8394: checking which authentication modules should be built" >&5
 
 LIB_AUTH_SUBDIRS=
 
@@ -8398,27 +8410,14 @@ echo "$ac_t""$LIB_AUTH_SUBDIRS" 1>&6
 
 
 
-echo $ac_n "checking for tunnel devices""... $ac_c" 1>&6
-echo "configure:8403: checking for tunnel devices" >&5
-
-APPL_KIP_DIR=
-
-if test "$ac_cv_header_net_if_tun_h" = "yes"; then
-	APPL_KIP_DIR=kip
-fi
-
-echo "$ac_t""$ac_cv_header_net_if_tun_h" 1>&6
-
-
-
 
 echo $ac_n "checking if gethostbyname is compatible with system prototype""... $ac_c" 1>&6
-echo "configure:8417: checking if gethostbyname is compatible with system prototype" >&5
+echo "configure:8416: checking if gethostbyname is compatible with system prototype" >&5
 if eval "test \"`echo '$''{'ac_cv_func_gethostbyname_proto_compat'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 8422 "configure"
+#line 8421 "configure"
 #include "confdefs.h"
 
 #ifdef HAVE_SYS_TYPES_H
@@ -8441,7 +8440,7 @@ int main() {
 struct hostent *gethostbyname(const char *);
 ; return 0; }
 EOF
-if { (eval echo configure:8445: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:8444: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   eval "ac_cv_func_gethostbyname_proto_compat=yes"
 else
@@ -8466,12 +8465,12 @@ fi
 
 
 echo $ac_n "checking if gethostbyaddr is compatible with system prototype""... $ac_c" 1>&6
-echo "configure:8470: checking if gethostbyaddr is compatible with system prototype" >&5
+echo "configure:8469: checking if gethostbyaddr is compatible with system prototype" >&5
 if eval "test \"`echo '$''{'ac_cv_func_gethostbyaddr_proto_compat'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 8475 "configure"
+#line 8474 "configure"
 #include "confdefs.h"
 
 #ifdef HAVE_SYS_TYPES_H
@@ -8494,7 +8493,7 @@ int main() {
 struct hostent *gethostbyaddr(const void *, size_t, int);
 ; return 0; }
 EOF
-if { (eval echo configure:8498: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:8497: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   eval "ac_cv_func_gethostbyaddr_proto_compat=yes"
 else
@@ -8519,12 +8518,12 @@ fi
 
 
 echo $ac_n "checking if getservbyname is compatible with system prototype""... $ac_c" 1>&6
-echo "configure:8523: checking if getservbyname is compatible with system prototype" >&5
+echo "configure:8522: checking if getservbyname is compatible with system prototype" >&5
 if eval "test \"`echo '$''{'ac_cv_func_getservbyname_proto_compat'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 8528 "configure"
+#line 8527 "configure"
 #include "confdefs.h"
 
 #ifdef HAVE_SYS_TYPES_H
@@ -8547,7 +8546,7 @@ int main() {
 struct servent *getservbyname(const char *, const char *);
 ; return 0; }
 EOF
-if { (eval echo configure:8551: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:8550: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   eval "ac_cv_func_getservbyname_proto_compat=yes"
 else
@@ -8572,12 +8571,12 @@ fi
 
 
 echo $ac_n "checking if openlog is compatible with system prototype""... $ac_c" 1>&6
-echo "configure:8576: checking if openlog is compatible with system prototype" >&5
+echo "configure:8575: checking if openlog is compatible with system prototype" >&5
 if eval "test \"`echo '$''{'ac_cv_func_openlog_proto_compat'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 8581 "configure"
+#line 8580 "configure"
 #include "confdefs.h"
 
 #ifdef HAVE_SYSLOG_H
@@ -8588,7 +8587,7 @@ int main() {
 void openlog(const char *, int, int);
 ; return 0; }
 EOF
-if { (eval echo configure:8592: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:8591: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   eval "ac_cv_func_openlog_proto_compat=yes"
 else
@@ -8614,12 +8613,12 @@ fi
 
 if test "$ac_cv_func_crypt+set" != set -o "$ac_cv_func_crypt" = yes; then
 echo $ac_n "checking if crypt needs a prototype""... $ac_c" 1>&6
-echo "configure:8618: checking if crypt needs a prototype" >&5
+echo "configure:8617: checking if crypt needs a prototype" >&5
 if eval "test \"`echo '$''{'ac_cv_func_crypt_noproto'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 8623 "configure"
+#line 8622 "configure"
 #include "confdefs.h"
 
 #ifdef HAVE_CRYPT_H
@@ -8636,7 +8635,7 @@ crypt(&xx);
 
 ; return 0; }
 EOF
-if { (eval echo configure:8640: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:8639: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   eval "ac_cv_func_crypt_noproto=yes"
 else
@@ -8663,12 +8662,12 @@ fi
 
 if test "$ac_cv_func_fclose+set" != set -o "$ac_cv_func_fclose" = yes; then
 echo $ac_n "checking if fclose needs a prototype""... $ac_c" 1>&6
-echo "configure:8667: checking if fclose needs a prototype" >&5
+echo "configure:8666: checking if fclose needs a prototype" >&5
 if eval "test \"`echo '$''{'ac_cv_func_fclose_noproto'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 8672 "configure"
+#line 8671 "configure"
 #include "confdefs.h"
 
 #include <stdio.h>
@@ -8680,7 +8679,7 @@ fclose(&xx);
 
 ; return 0; }
 EOF
-if { (eval echo configure:8684: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:8683: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   eval "ac_cv_func_fclose_noproto=yes"
 else
@@ -8707,12 +8706,12 @@ fi
 
 if test "$ac_cv_func_strtok_r+set" != set -o "$ac_cv_func_strtok_r" = yes; then
 echo $ac_n "checking if strtok_r needs a prototype""... $ac_c" 1>&6
-echo "configure:8711: checking if strtok_r needs a prototype" >&5
+echo "configure:8710: checking if strtok_r needs a prototype" >&5
 if eval "test \"`echo '$''{'ac_cv_func_strtok_r_noproto'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 8716 "configure"
+#line 8715 "configure"
 #include "confdefs.h"
 
 #include <string.h>
@@ -8724,7 +8723,7 @@ strtok_r(&xx);
 
 ; return 0; }
 EOF
-if { (eval echo configure:8728: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:8727: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   eval "ac_cv_func_strtok_r_noproto=yes"
 else
@@ -8751,12 +8750,12 @@ fi
 
 if test "$ac_cv_func_strsep+set" != set -o "$ac_cv_func_strsep" = yes; then
 echo $ac_n "checking if strsep needs a prototype""... $ac_c" 1>&6
-echo "configure:8755: checking if strsep needs a prototype" >&5
+echo "configure:8754: checking if strsep needs a prototype" >&5
 if eval "test \"`echo '$''{'ac_cv_func_strsep_noproto'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 8760 "configure"
+#line 8759 "configure"
 #include "confdefs.h"
 
 #include <string.h>
@@ -8768,7 +8767,7 @@ strsep(&xx);
 
 ; return 0; }
 EOF
-if { (eval echo configure:8772: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:8771: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   eval "ac_cv_func_strsep_noproto=yes"
 else
@@ -8795,12 +8794,12 @@ fi
 
 if test "$ac_cv_func_getusershell+set" != set -o "$ac_cv_func_getusershell" = yes; then
 echo $ac_n "checking if getusershell needs a prototype""... $ac_c" 1>&6
-echo "configure:8799: checking if getusershell needs a prototype" >&5
+echo "configure:8798: checking if getusershell needs a prototype" >&5
 if eval "test \"`echo '$''{'ac_cv_func_getusershell_noproto'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 8804 "configure"
+#line 8803 "configure"
 #include "confdefs.h"
 
 #include <unistd.h>
@@ -8812,7 +8811,7 @@ getusershell(&xx);
 
 ; return 0; }
 EOF
-if { (eval echo configure:8816: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:8815: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   eval "ac_cv_func_getusershell_noproto=yes"
 else
@@ -8839,12 +8838,12 @@ fi
 
 if test "$ac_cv_func_utime+set" != set -o "$ac_cv_func_utime" = yes; then
 echo $ac_n "checking if utime needs a prototype""... $ac_c" 1>&6
-echo "configure:8843: checking if utime needs a prototype" >&5
+echo "configure:8842: checking if utime needs a prototype" >&5
 if eval "test \"`echo '$''{'ac_cv_func_utime_noproto'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 8848 "configure"
+#line 8847 "configure"
 #include "confdefs.h"
 
 #ifdef HAVE_UTIME_H
@@ -8858,7 +8857,7 @@ utime(&xx);
 
 ; return 0; }
 EOF
-if { (eval echo configure:8862: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:8861: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   eval "ac_cv_func_utime_noproto=yes"
 else
@@ -8884,13 +8883,13 @@ fi
 
 
 echo $ac_n "checking for h_errno""... $ac_c" 1>&6
-echo "configure:8888: checking for h_errno" >&5
+echo "configure:8887: checking for h_errno" >&5
 if eval "test \"`echo '$''{'ac_cv_var_h_errno'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 8894 "configure"
+#line 8893 "configure"
 #include "confdefs.h"
 extern int h_errno;
 int foo() { return h_errno; }
@@ -8898,7 +8897,7 @@ int main() {
 foo()
 ; return 0; }
 EOF
-if { (eval echo configure:8902: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:8901: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   ac_cv_var_h_errno=yes
 else
@@ -8921,13 +8920,13 @@ EOF
 
 	
 echo $ac_n "checking if h_errno is properly declared""... $ac_c" 1>&6
-echo "configure:8925: checking if h_errno is properly declared" >&5
+echo "configure:8924: checking if h_errno is properly declared" >&5
 if eval "test \"`echo '$''{'ac_cv_var_h_errno_declaration'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 8931 "configure"
+#line 8930 "configure"
 #include "confdefs.h"
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
@@ -8940,7 +8939,7 @@ int main() {
 h_errno.foo = 1;
 ; return 0; }
 EOF
-if { (eval echo configure:8944: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:8943: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   eval "ac_cv_var_h_errno_declaration=no"
 else
@@ -8971,13 +8970,13 @@ fi
 
 
 echo $ac_n "checking for h_errlist""... $ac_c" 1>&6
-echo "configure:8975: checking for h_errlist" >&5
+echo "configure:8974: checking for h_errlist" >&5
 if eval "test \"`echo '$''{'ac_cv_var_h_errlist'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 8981 "configure"
+#line 8980 "configure"
 #include "confdefs.h"
 extern int h_errlist;
 int foo() { return h_errlist; }
@@ -8985,7 +8984,7 @@ int main() {
 foo()
 ; return 0; }
 EOF
-if { (eval echo configure:8989: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:8988: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   ac_cv_var_h_errlist=yes
 else
@@ -9008,13 +9007,13 @@ EOF
 
 	
 echo $ac_n "checking if h_errlist is properly declared""... $ac_c" 1>&6
-echo "configure:9012: checking if h_errlist is properly declared" >&5
+echo "configure:9011: checking if h_errlist is properly declared" >&5
 if eval "test \"`echo '$''{'ac_cv_var_h_errlist_declaration'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 9018 "configure"
+#line 9017 "configure"
 #include "confdefs.h"
 #ifdef HAVE_NETDB_H
 #include <netdb.h>
@@ -9024,7 +9023,7 @@ int main() {
 h_errlist.foo = 1;
 ; return 0; }
 EOF
-if { (eval echo configure:9028: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:9027: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   eval "ac_cv_var_h_errlist_declaration=no"
 else
@@ -9055,13 +9054,13 @@ fi
 
 
 echo $ac_n "checking for h_nerr""... $ac_c" 1>&6
-echo "configure:9059: checking for h_nerr" >&5
+echo "configure:9058: checking for h_nerr" >&5
 if eval "test \"`echo '$''{'ac_cv_var_h_nerr'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 9065 "configure"
+#line 9064 "configure"
 #include "confdefs.h"
 extern int h_nerr;
 int foo() { return h_nerr; }
@@ -9069,7 +9068,7 @@ int main() {
 foo()
 ; return 0; }
 EOF
-if { (eval echo configure:9073: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:9072: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   ac_cv_var_h_nerr=yes
 else
@@ -9092,13 +9091,13 @@ EOF
 
 	
 echo $ac_n "checking if h_nerr is properly declared""... $ac_c" 1>&6
-echo "configure:9096: checking if h_nerr is properly declared" >&5
+echo "configure:9095: checking if h_nerr is properly declared" >&5
 if eval "test \"`echo '$''{'ac_cv_var_h_nerr_declaration'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 9102 "configure"
+#line 9101 "configure"
 #include "confdefs.h"
 #ifdef HAVE_NETDB_H
 #include <netdb.h>
@@ -9108,7 +9107,7 @@ int main() {
 h_nerr.foo = 1;
 ; return 0; }
 EOF
-if { (eval echo configure:9112: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:9111: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   eval "ac_cv_var_h_nerr_declaration=no"
 else
@@ -9139,13 +9138,13 @@ fi
 
 
 echo $ac_n "checking for __progname""... $ac_c" 1>&6
-echo "configure:9143: checking for __progname" >&5
+echo "configure:9142: checking for __progname" >&5
 if eval "test \"`echo '$''{'ac_cv_var___progname'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 9149 "configure"
+#line 9148 "configure"
 #include "confdefs.h"
 extern int __progname;
 int foo() { return __progname; }
@@ -9153,7 +9152,7 @@ int main() {
 foo()
 ; return 0; }
 EOF
-if { (eval echo configure:9157: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:9156: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   ac_cv_var___progname=yes
 else
@@ -9176,13 +9175,13 @@ EOF
 
 	
 echo $ac_n "checking if __progname is properly declared""... $ac_c" 1>&6
-echo "configure:9180: checking if __progname is properly declared" >&5
+echo "configure:9179: checking if __progname is properly declared" >&5
 if eval "test \"`echo '$''{'ac_cv_var___progname_declaration'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 9186 "configure"
+#line 9185 "configure"
 #include "confdefs.h"
 #ifdef HAVE_ERR_H
 #include <err.h>
@@ -9192,7 +9191,7 @@ int main() {
 __progname.foo = 1;
 ; return 0; }
 EOF
-if { (eval echo configure:9196: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:9195: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   eval "ac_cv_var___progname_declaration=no"
 else
@@ -9223,13 +9222,13 @@ fi
 
 
 echo $ac_n "checking if optarg is properly declared""... $ac_c" 1>&6
-echo "configure:9227: checking if optarg is properly declared" >&5
+echo "configure:9226: checking if optarg is properly declared" >&5
 if eval "test \"`echo '$''{'ac_cv_var_optarg_declaration'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 9233 "configure"
+#line 9232 "configure"
 #include "confdefs.h"
 #include <stdlib.h>
 #ifdef HAVE_UNISTD_H
@@ -9240,7 +9239,7 @@ int main() {
 optarg.foo = 1;
 ; return 0; }
 EOF
-if { (eval echo configure:9244: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:9243: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   eval "ac_cv_var_optarg_declaration=no"
 else
@@ -9267,13 +9266,13 @@ fi
 
 
 echo $ac_n "checking if optind is properly declared""... $ac_c" 1>&6
-echo "configure:9271: checking if optind is properly declared" >&5
+echo "configure:9270: checking if optind is properly declared" >&5
 if eval "test \"`echo '$''{'ac_cv_var_optind_declaration'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 9277 "configure"
+#line 9276 "configure"
 #include "confdefs.h"
 #include <stdlib.h>
 #ifdef HAVE_UNISTD_H
@@ -9284,7 +9283,7 @@ int main() {
 optind.foo = 1;
 ; return 0; }
 EOF
-if { (eval echo configure:9288: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:9287: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   eval "ac_cv_var_optind_declaration=no"
 else
@@ -9311,13 +9310,13 @@ fi
 
 
 echo $ac_n "checking if opterr is properly declared""... $ac_c" 1>&6
-echo "configure:9315: checking if opterr is properly declared" >&5
+echo "configure:9314: checking if opterr is properly declared" >&5
 if eval "test \"`echo '$''{'ac_cv_var_opterr_declaration'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 9321 "configure"
+#line 9320 "configure"
 #include "confdefs.h"
 #include <stdlib.h>
 #ifdef HAVE_UNISTD_H
@@ -9328,7 +9327,7 @@ int main() {
 opterr.foo = 1;
 ; return 0; }
 EOF
-if { (eval echo configure:9332: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:9331: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   eval "ac_cv_var_opterr_declaration=no"
 else
@@ -9355,13 +9354,13 @@ fi
 
 
 echo $ac_n "checking if optopt is properly declared""... $ac_c" 1>&6
-echo "configure:9359: checking if optopt is properly declared" >&5
+echo "configure:9358: checking if optopt is properly declared" >&5
 if eval "test \"`echo '$''{'ac_cv_var_optopt_declaration'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 9365 "configure"
+#line 9364 "configure"
 #include "confdefs.h"
 #include <stdlib.h>
 #ifdef HAVE_UNISTD_H
@@ -9372,7 +9371,7 @@ int main() {
 optopt.foo = 1;
 ; return 0; }
 EOF
-if { (eval echo configure:9376: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:9375: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   eval "ac_cv_var_optopt_declaration=no"
 else
@@ -9400,13 +9399,13 @@ fi
 
 
 echo $ac_n "checking if environ is properly declared""... $ac_c" 1>&6
-echo "configure:9404: checking if environ is properly declared" >&5
+echo "configure:9403: checking if environ is properly declared" >&5
 if eval "test \"`echo '$''{'ac_cv_var_environ_declaration'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 9410 "configure"
+#line 9409 "configure"
 #include "confdefs.h"
 #include <stdlib.h>
 extern struct { int foo; } environ;
@@ -9414,7 +9413,7 @@ int main() {
 environ.foo = 1;
 ; return 0; }
 EOF
-if { (eval echo configure:9418: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:9417: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   eval "ac_cv_var_environ_declaration=no"
 else
@@ -9441,12 +9440,12 @@ fi
 
 
 echo $ac_n "checking return type of signal handlers""... $ac_c" 1>&6
-echo "configure:9445: checking return type of signal handlers" >&5
+echo "configure:9444: checking return type of signal handlers" >&5
 if eval "test \"`echo '$''{'ac_cv_type_signal'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 9450 "configure"
+#line 9449 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <signal.h>
@@ -9463,7 +9462,7 @@ int main() {
 int i;
 ; return 0; }
 EOF
-if { (eval echo configure:9467: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:9466: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ac_cv_type_signal=void
 else
@@ -9492,13 +9491,13 @@ fi
 
 
 echo $ac_n "checking for ut_addr in struct utmp""... $ac_c" 1>&6
-echo "configure:9496: checking for ut_addr in struct utmp" >&5
+echo "configure:9495: checking for ut_addr in struct utmp" >&5
 if eval "test \"`echo '$''{'ac_cv_type_struct_utmp_ut_addr'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 9502 "configure"
+#line 9501 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
  #include <utmp.h>
@@ -9506,7 +9505,7 @@ int main() {
 struct utmp x; x.ut_addr;
 ; return 0; }
 EOF
-if { (eval echo configure:9510: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:9509: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ac_cv_type_struct_utmp_ut_addr=yes
 else
@@ -9532,13 +9531,13 @@ fi
 
 
 echo $ac_n "checking for ut_host in struct utmp""... $ac_c" 1>&6
-echo "configure:9536: checking for ut_host in struct utmp" >&5
+echo "configure:9535: checking for ut_host in struct utmp" >&5
 if eval "test \"`echo '$''{'ac_cv_type_struct_utmp_ut_host'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 9542 "configure"
+#line 9541 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
  #include <utmp.h>
@@ -9546,7 +9545,7 @@ int main() {
 struct utmp x; x.ut_host;
 ; return 0; }
 EOF
-if { (eval echo configure:9550: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:9549: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ac_cv_type_struct_utmp_ut_host=yes
 else
@@ -9572,13 +9571,13 @@ fi
 
 
 echo $ac_n "checking for ut_id in struct utmp""... $ac_c" 1>&6
-echo "configure:9576: checking for ut_id in struct utmp" >&5
+echo "configure:9575: checking for ut_id in struct utmp" >&5
 if eval "test \"`echo '$''{'ac_cv_type_struct_utmp_ut_id'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 9582 "configure"
+#line 9581 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
  #include <utmp.h>
@@ -9586,7 +9585,7 @@ int main() {
 struct utmp x; x.ut_id;
 ; return 0; }
 EOF
-if { (eval echo configure:9590: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:9589: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ac_cv_type_struct_utmp_ut_id=yes
 else
@@ -9612,13 +9611,13 @@ fi
 
 
 echo $ac_n "checking for ut_pid in struct utmp""... $ac_c" 1>&6
-echo "configure:9616: checking for ut_pid in struct utmp" >&5
+echo "configure:9615: checking for ut_pid in struct utmp" >&5
 if eval "test \"`echo '$''{'ac_cv_type_struct_utmp_ut_pid'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 9622 "configure"
+#line 9621 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
  #include <utmp.h>
@@ -9626,7 +9625,7 @@ int main() {
 struct utmp x; x.ut_pid;
 ; return 0; }
 EOF
-if { (eval echo configure:9630: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:9629: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ac_cv_type_struct_utmp_ut_pid=yes
 else
@@ -9652,13 +9651,13 @@ fi
 
 
 echo $ac_n "checking for ut_type in struct utmp""... $ac_c" 1>&6
-echo "configure:9656: checking for ut_type in struct utmp" >&5
+echo "configure:9655: checking for ut_type in struct utmp" >&5
 if eval "test \"`echo '$''{'ac_cv_type_struct_utmp_ut_type'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 9662 "configure"
+#line 9661 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
  #include <utmp.h>
@@ -9666,7 +9665,7 @@ int main() {
 struct utmp x; x.ut_type;
 ; return 0; }
 EOF
-if { (eval echo configure:9670: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:9669: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ac_cv_type_struct_utmp_ut_type=yes
 else
@@ -9692,13 +9691,13 @@ fi
 
 
 echo $ac_n "checking for ut_user in struct utmp""... $ac_c" 1>&6
-echo "configure:9696: checking for ut_user in struct utmp" >&5
+echo "configure:9695: checking for ut_user in struct utmp" >&5
 if eval "test \"`echo '$''{'ac_cv_type_struct_utmp_ut_user'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 9702 "configure"
+#line 9701 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
  #include <utmp.h>
@@ -9706,7 +9705,7 @@ int main() {
 struct utmp x; x.ut_user;
 ; return 0; }
 EOF
-if { (eval echo configure:9710: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:9709: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ac_cv_type_struct_utmp_ut_user=yes
 else
@@ -9732,13 +9731,13 @@ fi
 
 
 echo $ac_n "checking for ut_exit in struct utmpx""... $ac_c" 1>&6
-echo "configure:9736: checking for ut_exit in struct utmpx" >&5
+echo "configure:9735: checking for ut_exit in struct utmpx" >&5
 if eval "test \"`echo '$''{'ac_cv_type_struct_utmpx_ut_exit'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 9742 "configure"
+#line 9741 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
  #include <utmp.h>
@@ -9746,7 +9745,7 @@ int main() {
 struct utmpx x; x.ut_exit;
 ; return 0; }
 EOF
-if { (eval echo configure:9750: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:9749: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ac_cv_type_struct_utmpx_ut_exit=yes
 else
@@ -9772,13 +9771,13 @@ fi
 
 
 echo $ac_n "checking for ut_syslen in struct utmpx""... $ac_c" 1>&6
-echo "configure:9776: checking for ut_syslen in struct utmpx" >&5
+echo "configure:9775: checking for ut_syslen in struct utmpx" >&5
 if eval "test \"`echo '$''{'ac_cv_type_struct_utmpx_ut_syslen'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 9782 "configure"
+#line 9781 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
  #include <utmp.h>
@@ -9786,7 +9785,7 @@ int main() {
 struct utmpx x; x.ut_syslen;
 ; return 0; }
 EOF
-if { (eval echo configure:9790: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:9789: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ac_cv_type_struct_utmpx_ut_syslen=yes
 else
@@ -9814,20 +9813,20 @@ fi
 
 
 echo $ac_n "checking for tm_gmtoff in struct tm""... $ac_c" 1>&6
-echo "configure:9818: checking for tm_gmtoff in struct tm" >&5
+echo "configure:9817: checking for tm_gmtoff in struct tm" >&5
 if eval "test \"`echo '$''{'ac_cv_type_struct_tm_tm_gmtoff'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 9824 "configure"
+#line 9823 "configure"
 #include "confdefs.h"
 #include <time.h>
 int main() {
 struct tm x; x.tm_gmtoff;
 ; return 0; }
 EOF
-if { (eval echo configure:9831: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:9830: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ac_cv_type_struct_tm_tm_gmtoff=yes
 else
@@ -9853,20 +9852,20 @@ fi
 
 
 echo $ac_n "checking for tm_zone in struct tm""... $ac_c" 1>&6
-echo "configure:9857: checking for tm_zone in struct tm" >&5
+echo "configure:9856: checking for tm_zone in struct tm" >&5
 if eval "test \"`echo '$''{'ac_cv_type_struct_tm_tm_zone'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 9863 "configure"
+#line 9862 "configure"
 #include "confdefs.h"
 #include <time.h>
 int main() {
 struct tm x; x.tm_zone;
 ; return 0; }
 EOF
-if { (eval echo configure:9870: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:9869: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ac_cv_type_struct_tm_tm_zone=yes
 else
@@ -9893,13 +9892,13 @@ fi
 
 
 echo $ac_n "checking for timezone""... $ac_c" 1>&6
-echo "configure:9897: checking for timezone" >&5
+echo "configure:9896: checking for timezone" >&5
 if eval "test \"`echo '$''{'ac_cv_var_timezone'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 9903 "configure"
+#line 9902 "configure"
 #include "confdefs.h"
 extern int timezone;
 int foo() { return timezone; }
@@ -9907,7 +9906,7 @@ int main() {
 foo()
 ; return 0; }
 EOF
-if { (eval echo configure:9911: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:9910: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   ac_cv_var_timezone=yes
 else
@@ -9930,13 +9929,13 @@ EOF
 
 	
 echo $ac_n "checking if timezone is properly declared""... $ac_c" 1>&6
-echo "configure:9934: checking if timezone is properly declared" >&5
+echo "configure:9933: checking if timezone is properly declared" >&5
 if eval "test \"`echo '$''{'ac_cv_var_timezone_declaration'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 9940 "configure"
+#line 9939 "configure"
 #include "confdefs.h"
 #include <time.h>
 extern struct { int foo; } timezone;
@@ -9944,7 +9943,7 @@ int main() {
 timezone.foo = 1;
 ; return 0; }
 EOF
-if { (eval echo configure:9948: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:9947: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   eval "ac_cv_var_timezone_declaration=no"
 else
@@ -9976,12 +9975,12 @@ fi
 
 cv=`echo "sa_family_t" | sed 'y%./+- %__p__%'`
 echo $ac_n "checking for sa_family_t""... $ac_c" 1>&6
-echo "configure:9980: checking for sa_family_t" >&5
+echo "configure:9979: checking for sa_family_t" >&5
 if eval "test \"`echo '$''{'ac_cv_type_$cv'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 9985 "configure"
+#line 9984 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #if STDC_HEADERS
@@ -9993,7 +9992,7 @@ int main() {
 sa_family_t foo;
 ; return 0; }
 EOF
-if { (eval echo configure:9997: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:9996: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   eval "ac_cv_type_$cv=yes"
 else
@@ -10020,14 +10019,60 @@ fi
 
 
 
+cv=`echo "socklen_t" | sed 'y%./+- %__p__%'`
+echo $ac_n "checking for socklen_t""... $ac_c" 1>&6
+echo "configure:10025: checking for socklen_t" >&5
+if eval "test \"`echo '$''{'ac_cv_type_$cv'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 10030 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+#include <sys/socket.h>
+int main() {
+socklen_t foo;
+; return 0; }
+EOF
+if { (eval echo configure:10042: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  eval "ac_cv_type_$cv=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_type_$cv=no"
+fi
+rm -f conftest*
+fi
+echo "$ac_t""`eval echo \\$ac_cv_type_$cv`" 1>&6
+if test `eval echo \\$ac_cv_type_$cv` = yes; then
+  ac_tr_hdr=HAVE_`echo socklen_t | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
+
+: << END
+@@@funcs="$funcs socklen_t"@@@
+END
+
+  cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+
+fi
+
+ 
+
 cv=`echo "struct sockaddr_storage" | sed 'y%./+- %__p__%'`
 echo $ac_n "checking for struct sockaddr_storage""... $ac_c" 1>&6
-echo "configure:10026: checking for struct sockaddr_storage" >&5
+echo "configure:10071: checking for struct sockaddr_storage" >&5
 if eval "test \"`echo '$''{'ac_cv_type_$cv'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 10031 "configure"
+#line 10076 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #if STDC_HEADERS
@@ -10039,7 +10084,7 @@ int main() {
 struct sockaddr_storage foo;
 ; return 0; }
 EOF
-if { (eval echo configure:10043: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:10088: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   eval "ac_cv_type_$cv=yes"
 else
@@ -10067,13 +10112,13 @@ fi
 
 
 echo $ac_n "checking for struct spwd""... $ac_c" 1>&6
-echo "configure:10071: checking for struct spwd" >&5
+echo "configure:10116: checking for struct spwd" >&5
 if eval "test \"`echo '$''{'ac_cv_struct_spwd'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 10077 "configure"
+#line 10122 "configure"
 #include "confdefs.h"
 #include <pwd.h>
 #ifdef HAVE_SHADOW_H
@@ -10083,7 +10128,7 @@ int main() {
 struct spwd foo;
 ; return 0; }
 EOF
-if { (eval echo configure:10087: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:10132: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ac_cv_struct_spwd=yes
 else
@@ -10107,12 +10152,12 @@ fi
 
 
 echo $ac_n "checking for st_blksize in struct stat""... $ac_c" 1>&6
-echo "configure:10111: checking for st_blksize in struct stat" >&5
+echo "configure:10156: checking for st_blksize in struct stat" >&5
 if eval "test \"`echo '$''{'ac_cv_struct_st_blksize'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 10116 "configure"
+#line 10161 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <sys/stat.h>
@@ -10120,7 +10165,7 @@ int main() {
 struct stat s; s.st_blksize;
 ; return 0; }
 EOF
-if { (eval echo configure:10124: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:10169: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ac_cv_struct_st_blksize=yes
 else
@@ -10144,7 +10189,7 @@ fi
 
 
 echo $ac_n "checking for struct winsize""... $ac_c" 1>&6
-echo "configure:10148: checking for struct winsize" >&5
+echo "configure:10193: checking for struct winsize" >&5
 if eval "test \"`echo '$''{'ac_cv_struct_winsize'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -10152,7 +10197,7 @@ else
 ac_cv_struct_winsize=no
 for i in sys/termios.h sys/ioctl.h; do
 cat > conftest.$ac_ext <<EOF
-#line 10156 "configure"
+#line 10201 "configure"
 #include "confdefs.h"
 #include <$i>
 EOF
@@ -10174,7 +10219,7 @@ EOF
 fi
 echo "$ac_t""$ac_cv_struct_winsize" 1>&6
 cat > conftest.$ac_ext <<EOF
-#line 10178 "configure"
+#line 10223 "configure"
 #include "confdefs.h"
 #include <termios.h>
 EOF
@@ -10189,7 +10234,7 @@ fi
 rm -f conftest*
 
 cat > conftest.$ac_ext <<EOF
-#line 10193 "configure"
+#line 10238 "configure"
 #include "confdefs.h"
 #include <termios.h>
 EOF
@@ -10207,12 +10252,12 @@ rm -f conftest*
 
 
 echo $ac_n "checking for pid_t""... $ac_c" 1>&6
-echo "configure:10211: checking for pid_t" >&5
+echo "configure:10256: checking for pid_t" >&5
 if eval "test \"`echo '$''{'ac_cv_type_pid_t'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 10216 "configure"
+#line 10261 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #if STDC_HEADERS
@@ -10240,12 +10285,12 @@ EOF
 fi
 
 echo $ac_n "checking for uid_t in sys/types.h""... $ac_c" 1>&6
-echo "configure:10244: checking for uid_t in sys/types.h" >&5
+echo "configure:10289: checking for uid_t in sys/types.h" >&5
 if eval "test \"`echo '$''{'ac_cv_type_uid_t'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 10249 "configure"
+#line 10294 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 EOF
@@ -10274,12 +10319,12 @@ EOF
 fi
 
 echo $ac_n "checking for off_t""... $ac_c" 1>&6
-echo "configure:10278: checking for off_t" >&5
+echo "configure:10323: checking for off_t" >&5
 if eval "test \"`echo '$''{'ac_cv_type_off_t'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 10283 "configure"
+#line 10328 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #if STDC_HEADERS
@@ -10307,12 +10352,12 @@ EOF
 fi
 
 echo $ac_n "checking for size_t""... $ac_c" 1>&6
-echo "configure:10311: checking for size_t" >&5
+echo "configure:10356: checking for size_t" >&5
 if eval "test \"`echo '$''{'ac_cv_type_size_t'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 10316 "configure"
+#line 10361 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #if STDC_HEADERS
@@ -10341,12 +10386,12 @@ fi
 
 
 echo $ac_n "checking for ssize_t""... $ac_c" 1>&6
-echo "configure:10345: checking for ssize_t" >&5
+echo "configure:10390: checking for ssize_t" >&5
 if eval "test \"`echo '$''{'ac_cv_type_ssize_t'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 10350 "configure"
+#line 10395 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #if STDC_HEADERS
@@ -10378,15 +10423,50 @@ EOF
 fi
 
 
+echo $ac_n "checking for sig_atomic_t""... $ac_c" 1>&6
+echo "configure:10428: checking for sig_atomic_t" >&5
+if eval "test \"`echo '$''{'ac_cv_type_sig_atomic_t'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 10433 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+#include <signal.h>
+EOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  egrep "sig_atomic_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then
+  rm -rf conftest*
+  ac_cv_type_sig_atomic_t=yes
+else
+  rm -rf conftest*
+  ac_cv_type_sig_atomic_t=no
+fi
+rm -f conftest*
+
+fi
+echo "$ac_t""$ac_cv_type_sig_atomic_t" 1>&6
+if test $ac_cv_type_sig_atomic_t = no; then
+  cat >> confdefs.h <<\EOF
+#define sig_atomic_t int
+EOF
+
+fi
+
+
 
 echo $ac_n "checking for broken sys/socket.h""... $ac_c" 1>&6
-echo "configure:10384: checking for broken sys/socket.h" >&5
+echo "configure:10464: checking for broken sys/socket.h" >&5
 if eval "test \"`echo '$''{'krb_cv_header_sys_socket_h_broken'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 10390 "configure"
+#line 10470 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <sys/socket.h>
@@ -10395,7 +10475,7 @@ int main() {
 
 ; return 0; }
 EOF
-if { (eval echo configure:10399: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:10479: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   krb_cv_header_sys_socket_h_broken=no
 else
@@ -10412,13 +10492,13 @@ echo "$ac_t""$krb_cv_header_sys_socket_h_broken" 1>&6
 
 
 echo $ac_n "checking for broken netdb.h""... $ac_c" 1>&6
-echo "configure:10416: checking for broken netdb.h" >&5
+echo "configure:10496: checking for broken netdb.h" >&5
 if eval "test \"`echo '$''{'krb_cv_header_netdb_h_broken'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 10422 "configure"
+#line 10502 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <netdb.h>
@@ -10427,7 +10507,7 @@ int main() {
 
 ; return 0; }
 EOF
-if { (eval echo configure:10431: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:10511: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   krb_cv_header_netdb_h_broken=no
 else
@@ -10449,13 +10529,13 @@ fi
 
 
 echo $ac_n "checking for sa_len in struct sockaddr""... $ac_c" 1>&6
-echo "configure:10453: checking for sa_len in struct sockaddr" >&5
+echo "configure:10533: checking for sa_len in struct sockaddr" >&5
 if eval "test \"`echo '$''{'ac_cv_type_struct_sockaddr_sa_len'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 10459 "configure"
+#line 10539 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <sys/socket.h>
@@ -10463,7 +10543,7 @@ int main() {
 struct sockaddr x; x.sa_len;
 ; return 0; }
 EOF
-if { (eval echo configure:10467: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:10547: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ac_cv_type_struct_sockaddr_sa_len=yes
 else
@@ -10492,20 +10572,20 @@ if test "$ac_cv_header_siad_h" = yes; then
 
 
 echo $ac_n "checking for ouid in SIAENTITY""... $ac_c" 1>&6
-echo "configure:10496: checking for ouid in SIAENTITY" >&5
+echo "configure:10576: checking for ouid in SIAENTITY" >&5
 if eval "test \"`echo '$''{'ac_cv_type_siaentity_ouid'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 10502 "configure"
+#line 10582 "configure"
 #include "confdefs.h"
 #include <siad.h>
 int main() {
 SIAENTITY x; x.ouid;
 ; return 0; }
 EOF
-if { (eval echo configure:10509: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:10589: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ac_cv_type_siaentity_ouid=yes
 else
@@ -10531,101 +10611,98 @@ fi
 fi
 
 
-for ac_func in getmsg
-do
-echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:10538: checking for $ac_func" >&5
-if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+echo $ac_n "checking for getmsg""... $ac_c" 1>&6
+echo "configure:10616: checking for getmsg" >&5
+if eval "test \"`echo '$''{'ac_cv_func_getmsg'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 10543 "configure"
+#line 10621 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func(); below.  */
+    which can conflict with char getmsg(); below.  */
 #include <assert.h>
 /* Override any gcc2 internal prototype to avoid an error.  */
 /* We use char because int might match the return type of a gcc2
     builtin and then its argument prototype would still apply.  */
-char $ac_func();
+char getmsg();
 
 int main() {
 
 /* The GNU C library defines this for functions which it implements
     to always fail with ENOSYS.  Some functions are actually named
     something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+#if defined (__stub_getmsg) || defined (__stub___getmsg)
 choke me
 #else
-$ac_func();
+getmsg();
 #endif
 
 ; return 0; }
 EOF
-if { (eval echo configure:10566: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:10644: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
-  eval "ac_cv_func_$ac_func=yes"
+  eval "ac_cv_func_getmsg=yes"
 else
   echo "configure: failed program was:" >&5
   cat conftest.$ac_ext >&5
   rm -rf conftest*
-  eval "ac_cv_func_$ac_func=no"
+  eval "ac_cv_func_getmsg=no"
 fi
 rm -f conftest*
 fi
 
-if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+if eval "test \"`echo '$ac_cv_func_'getmsg`\" = yes"; then
   echo "$ac_t""yes" 1>&6
-    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
-  cat >> confdefs.h <<EOF
-#define $ac_tr_func 1
-EOF
- 
+  :
 else
   echo "$ac_t""no" 1>&6
 fi
-done
 
 
-if test "$ac_cf_func_getmsg" = "yes"; then
+if test "$ac_cv_func_getmsg" = "yes"; then
 
 echo $ac_n "checking for working getmsg""... $ac_c" 1>&6
-echo "configure:10594: checking for working getmsg" >&5
-if eval "test \"`echo '$''{'ac_cv_func_getmsg'+set}'`\" = set"; then
+echo "configure:10667: checking for working getmsg" >&5
+if eval "test \"`echo '$''{'ac_cv_func_getmsg_work'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   if test "$cross_compiling" = yes; then
-  ac_cv_func_getmsg=no
+  ac_cv_func_getmsg_work=no
 else
   cat > conftest.$ac_ext <<EOF
-#line 10602 "configure"
+#line 10675 "configure"
 #include "confdefs.h"
 
 #include <stdio.h>
+#include <errno.h>
 
 int main()
 {
-  getmsg(open("/dev/null", 0), NULL, NULL, NULL);
+  int ret;
+  ret = getmsg(open("/dev/null", 0), NULL, NULL, NULL);
+  if(ret < 0 && errno == ENOSYS)
+    return 1;
   return 0;
 }
 
 EOF
-if { (eval echo configure:10614: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:10691: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
-  ac_cv_func_getmsg=yes
+  ac_cv_func_getmsg_work=yes
 else
   echo "configure: failed program was:" >&5
   cat conftest.$ac_ext >&5
   rm -fr conftest*
-  ac_cv_func_getmsg=no
+  ac_cv_func_getmsg_work=no
 fi
 rm -fr conftest*
 fi
 
 fi
 
-echo "$ac_t""$ac_cv_func_getmsg" 1>&6
-test "$ac_cv_func_getmsg" = "yes" &&
+echo "$ac_t""$ac_cv_func_getmsg_work" 1>&6
+test "$ac_cv_func_getmsg_work" = "yes" &&
 cat >> confdefs.h <<\EOF
 #define HAVE_GETMSG 1
 EOF
@@ -10639,7 +10716,7 @@ fi
 
 
 echo $ac_n "checking for el_init""... $ac_c" 1>&6
-echo "configure:10643: checking for el_init" >&5
+echo "configure:10720: checking for el_init" >&5
 if eval "test \"`echo '$''{'ac_cv_funclib_el_init'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -10654,14 +10731,14 @@ if eval "test \"\$ac_cv_func_el_init\" != yes" ; then
 		fi
 		LIBS=" $ac_lib $LIB_tgetent $ac_save_LIBS"
 		cat > conftest.$ac_ext <<EOF
-#line 10658 "configure"
+#line 10735 "configure"
 #include "confdefs.h"
 
 int main() {
 el_init()
 ; return 0; }
 EOF
-if { (eval echo configure:10665: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:10742: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_el_init=$ac_lib; else ac_cv_funclib_el_init=yes; fi";break
 else
@@ -10722,13 +10799,13 @@ esac
 
 if test "$ac_cv_func_el_init" = yes ; then
 	echo $ac_n "checking for four argument el_init""... $ac_c" 1>&6
-echo "configure:10726: checking for four argument el_init" >&5
+echo "configure:10803: checking for four argument el_init" >&5
 if eval "test \"`echo '$''{'ac_cv_func_el_init_four'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 		cat > conftest.$ac_ext <<EOF
-#line 10732 "configure"
+#line 10809 "configure"
 #include "confdefs.h"
 #include <stdio.h>
 			#include <histedit.h>
@@ -10736,7 +10813,7 @@ int main() {
 el_init("", NULL, NULL, NULL);
 ; return 0; }
 EOF
-if { (eval echo configure:10740: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:10817: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ac_cv_func_el_init_four=yes
 else
@@ -10764,7 +10841,7 @@ LIBS="$LIB_tgetent $LIBS"
 
 
 echo $ac_n "checking for readline""... $ac_c" 1>&6
-echo "configure:10768: checking for readline" >&5
+echo "configure:10845: checking for readline" >&5
 if eval "test \"`echo '$''{'ac_cv_funclib_readline'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -10779,14 +10856,14 @@ if eval "test \"\$ac_cv_func_readline\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat > conftest.$ac_ext <<EOF
-#line 10783 "configure"
+#line 10860 "configure"
 #include "confdefs.h"
 
 int main() {
 readline()
 ; return 0; }
 EOF
-if { (eval echo configure:10790: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:10867: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_readline=$ac_lib; else ac_cv_funclib_readline=yes; fi";break
 else
@@ -10893,9 +10970,9 @@ EOF
 # And also something wierd has happend with dec-osf1, fallback to bsd-ptys
 
 echo $ac_n "checking for streamspty""... $ac_c" 1>&6
-echo "configure:10897: checking for streamspty" >&5
+echo "configure:10974: checking for streamspty" >&5
 case "`uname -sr`" in
-SunOS\ 4*|OSF1*|IRIX\ 4*|HP-UX\ ?.10.*)
+SunOS\ 4*|OSF1*|IRIX\ 4*|HP-UX\ ?.1[01].*)
 	krb_cv_sys_streamspty=no
 	;;
 AIX*)
@@ -10903,11 +10980,11 @@ AIX*)
 	if expr "$os_rel" : "3*" >/dev/null 2>&1; then
 		krb_cv_sys_streamspty=no
 	else
-		krb_cv_sys_streamspty="$ac_cv_func_getmsg"
+		krb_cv_sys_streamspty="$ac_cv_func_getmsg_work"
 	fi
 	;;
 *)
-	krb_cv_sys_streamspty="$ac_cv_func_getmsg"
+	krb_cv_sys_streamspty="$ac_cv_func_getmsg_work"
 	;;
 esac
 if test "$krb_cv_sys_streamspty" = yes; then
@@ -10919,7 +10996,7 @@ fi
 echo "$ac_t""$krb_cv_sys_streamspty" 1>&6
 
 echo $ac_n "checking if /bin/ls takes -A""... $ac_c" 1>&6
-echo "configure:10923: checking if /bin/ls takes -A" >&5
+echo "configure:11000: checking if /bin/ls takes -A" >&5
 if /bin/ls -A > /dev/null 2>&1 ;then
 	cat >> confdefs.h <<\EOF
 #define HAVE_LS_A 1
@@ -10932,7 +11009,7 @@ fi
 echo "$ac_t""$krb_ls_a" 1>&6
 	
 echo $ac_n "checking for suffix of preformatted manual pages""... $ac_c" 1>&6
-echo "configure:10936: checking for suffix of preformatted manual pages" >&5
+echo "configure:11013: checking for suffix of preformatted manual pages" >&5
 if eval "test \"`echo '$''{'krb_cv_sys_cat_suffix'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -11237,6 +11314,7 @@ s%@X_PRE_LIBS@%$X_PRE_LIBS%g
 s%@X_LIBS@%$X_LIBS%g
 s%@X_EXTRA_LIBS@%$X_EXTRA_LIBS%g
 s%@MAKE_X_PROGS_BIN@%$MAKE_X_PROGS_BIN%g
+s%@MAKE_X_SCRIPTS_BIN@%$MAKE_X_SCRIPTS_BIN%g
 s%@MAKE_X_PROGS_LIBEXEC@%$MAKE_X_PROGS_LIBEXEC%g
 s%@LIB_XauWriteAuth@%$LIB_XauWriteAuth%g
 s%@LIB_XauReadAuth@%$LIB_XauReadAuth%g
@@ -11255,7 +11333,6 @@ s%@ALLOCA@%$ALLOCA%g
 s%@LIB_hstrerror@%$LIB_hstrerror%g
 s%@LIBOBJS@%$LIBOBJS%g
 s%@LIB_AUTH_SUBDIRS@%$LIB_AUTH_SUBDIRS%g
-s%@APPL_KIP_DIR@%$APPL_KIP_DIR%g
 s%@krb_cv_header_sys_socket_h_broken@%$krb_cv_header_sys_socket_h_broken%g
 s%@krb_cv_header_netdb_h_broken@%$krb_cv_header_netdb_h_broken%g
 s%@LIB_el_init@%$LIB_el_init%g
diff --git a/crypto/kerberosIV/configure.in b/crypto/kerberosIV/configure.in
index cd2a70e5c3cf..ed1bfa48b104 100644
--- a/crypto/kerberosIV/configure.in
+++ b/crypto/kerberosIV/configure.in
@@ -8,7 +8,7 @@ dnl
 
 dnl Process this file with autoconf to produce a configure script.
 dnl
-AC_REVISION($Revision: 1.432.2.2 $)
+AC_REVISION($Revision: 1.432.2.14 $)
 AC_INIT(lib/krb/getrealm.c)
 AC_CONFIG_HEADER(include/config.h)
 
@@ -18,7 +18,7 @@ dnl
 
 PACKAGE=krb4
 AC_SUBST(PACKAGE)dnl
-VERSION=1.0
+VERSION=1.0.5
 AC_SUBST(VERSION)dnl
 AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package])dnl
 AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package])dnl
@@ -40,6 +40,9 @@ case "$host" in
 *-*-solaris2.7)
 	sunos=57
 	;;
+*-*-solaris2.8)
+	sunos=58
+	;;
 *-*-solaris2*)
 	sunos=50
 	;;
@@ -232,9 +235,7 @@ test "$AFSWS" = "yes" && AFSWS=/usr/afsws
 AC_SUBST(AFSWS)
 
 AC_ARG_ENABLE(rxkad,
-[  --enable-rxkad           build rxkad library],,[
-test -f $AFSWS/include/rx/rx.h && enable_rxkad=yes
-])
+[  --enable-rxkad           build rxkad library])
 
 if test "$afs_support" = yes -a "$enable_rxkad" = yes; then
 	LIB_SUBDIRS="$LIB_SUBDIRS rxkad"
@@ -333,6 +334,9 @@ if test -f /lib/pse.exp ;then
 	LIBS="$LIBS -Wl,-bnolibpath -Wl,-bI:/lib/pse.exp"
 fi
 ;;
+*-*-aix*)
+	LIBS="$LIBS -Wl,-bnolibpath"
+	;;
 esac
 
 dnl
@@ -357,6 +361,7 @@ AC_CHECK_HEADERS([arpa/ftp.h			\
 	errno.h					\
 	fcntl.h					\
 	fnmatch.h				\
+	gdbm/ndbm.h				\
 	grp.h					\
 	inttypes.h				\
 	io.h					\
@@ -523,12 +528,15 @@ dnl
 KRB_CHECK_X
 if test "$no_x" = "yes" ; then
 	MAKE_X_PROGS_BIN=""
+	MAKE_X_SCRIPTS_BIN=""
 	MAKE_X_PROGS_LIBEXEC=""
 else
 	MAKE_X_PROGS_BIN='$(X_PROGS_BIN)'
+	MAKE_X_SCRIPTS_BIN='$(X_SCRIPTS_BIN)'
 	MAKE_X_PROGS_LIBEXEC='$(X_PROGS_LIBEXEC)'
 fi
 AC_SUBST(MAKE_X_PROGS_BIN)dnl
+AC_SUBST(MAKE_X_SCRIPTS_BIN)dnl
 AC_SUBST(MAKE_X_PROGS_LIBEXEC)dnl
 
 AC_CHECK_XAU
@@ -772,22 +780,6 @@ AC_MSG_RESULT($LIB_AUTH_SUBDIRS)
 AC_SUBST(LIB_AUTH_SUBDIRS)dnl
 
 dnl
-dnl Figure out if we have tunnels
-dnl
-
-AC_MSG_CHECKING(for tunnel devices)
-
-APPL_KIP_DIR=
-
-if test "$ac_cv_header_net_if_tun_h" = "yes"; then
-	APPL_KIP_DIR=kip
-fi
-
-AC_MSG_RESULT($ac_cv_header_net_if_tun_h)
-
-AC_SUBST(APPL_KIP_DIR)dnl
-
-dnl
 dnl Checks for prototypes and declarations
 dnl
 
@@ -996,6 +988,8 @@ timezone)
 
 AC_HAVE_TYPE([sa_family_t],[#include <sys/socket.h>])
 
+AC_HAVE_TYPE([socklen_t],[#include <sys/socket.h>])
+ 
 AC_HAVE_TYPE([struct sockaddr_storage], [#include <sys/socket.h>])
 
 AC_KRB_STRUCT_SPWD
@@ -1022,6 +1016,8 @@ AC_CHECK_TYPE_EXTRA(ssize_t, int, [
 #include <unistd.h>
 #endif])
 
+AC_CHECK_TYPE_EXTRA(sig_atomic_t, int, [#include <signal.h>])
+
 dnl
 dnl Check for broken ultrix sys/socket.h
 dnl
@@ -1074,22 +1070,27 @@ dnl
 dnl you can link with getmsg on AIX 3.2 but you cannot run the program
 dnl
 
-AC_CHECK_FUNCS(getmsg)
+AC_CHECK_FUNC(getmsg)
 
-if test "$ac_cf_func_getmsg" = "yes"; then
+if test "$ac_cv_func_getmsg" = "yes"; then
 
-AC_CACHE_CHECK(for working getmsg, ac_cv_func_getmsg,
+AC_CACHE_CHECK(for working getmsg, ac_cv_func_getmsg_work,
 AC_TRY_RUN(
 [
 #include <stdio.h>
+#include <errno.h>
 
 int main()
 {
-  getmsg(open("/dev/null", 0), NULL, NULL, NULL);
+  int ret;
+  ret = getmsg(open("/dev/null", 0), NULL, NULL, NULL);
+  if(ret < 0 && errno == ENOSYS)
+    return 1;
   return 0;
 }
-], ac_cv_func_getmsg=yes, ac_cv_func_getmsg=no, ac_cv_func_getmsg=no))
-test "$ac_cv_func_getmsg" = "yes" &&
+], ac_cv_func_getmsg_work=yes, ac_cv_func_getmsg_work=no,
+ac_cv_func_getmsg_work=no))
+test "$ac_cv_func_getmsg_work" = "yes" &&
 AC_DEFINE(HAVE_GETMSG, 1, [Define if you have a working getmsg.])
 
 fi
@@ -1154,7 +1155,7 @@ AC_DEFINE(OLD_ENVIRON)dnl
 
 AC_MSG_CHECKING(for streamspty)
 case "`uname -sr`" in
-SunOS\ 4*|OSF1*|IRIX\ 4*|HP-UX\ ?.10.*)
+SunOS\ 4*|OSF1*|IRIX\ 4*|HP-UX\ ?.1[[01]].*)
 	krb_cv_sys_streamspty=no
 	;;
 AIX*)
@@ -1162,11 +1163,11 @@ AIX*)
 	if expr "$os_rel" : "3*" >/dev/null 2>&1; then
 		krb_cv_sys_streamspty=no
 	else
-		krb_cv_sys_streamspty="$ac_cv_func_getmsg"
+		krb_cv_sys_streamspty="$ac_cv_func_getmsg_work"
 	fi
 	;;
 *)
-	krb_cv_sys_streamspty="$ac_cv_func_getmsg"
+	krb_cv_sys_streamspty="$ac_cv_func_getmsg_work"
 	;;
 esac
 if test "$krb_cv_sys_streamspty" = yes; then
diff --git a/crypto/kerberosIV/include/Makefile.in b/crypto/kerberosIV/include/Makefile.in
index f321f162b29b..eb298903f032 100644
--- a/crypto/kerberosIV/include/Makefile.in
+++ b/crypto/kerberosIV/include/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.59.2.1 1999/12/06 17:23:06 assar Exp $
+# $Id: Makefile.in,v 1.59.2.3 2000/12/13 14:41:37 assar Exp $
 
 srcdir		= @srcdir@
 VPATH		= @srcdir@
@@ -31,7 +31,8 @@ libdir		= @libdir@
 HEADERS = \
 	acl.h com_err.h com_right.h des.h kadm.h kafs.h kdc.h \
 	klog.h krb.h krb-protos.h krb-archaeology.h krb_db.h \
-	ktypes.h otp.h prot.h sl.h @EXTRA_HEADERS@
+	ktypes.h otp.h prot.h sl.h \
+	md4.h md5.h sha.h rc4.h @EXTRA_HEADERS@
 
 LOCL_HEADERS = \
 	     base64.h roken-common.h protos.h resolve.h xdbm.h	\
@@ -96,6 +97,18 @@ com_right.h:
 des.h:
 	$(LN_S) $(srcdir)/../lib/des/des.h .
 
+md4.h:
+	$(LN_S) $(srcdir)/../lib/des/md4.h .
+
+md5.h:
+	$(LN_S) $(srcdir)/../lib/des/md5.h .
+
+sha.h:
+	$(LN_S) $(srcdir)/../lib/des/sha.h .
+
+rc4.h:
+	$(LN_S) $(srcdir)/../lib/des/rc4.h .
+
 kadm.h:
 	$(LN_S) $(srcdir)/../lib/kadm/kadm.h .
 
@@ -147,7 +160,7 @@ sl.h:
 	$(LN_S) $(srcdir)/../lib/sl/sl.h .
 
 protos.h:
-	$(LN_S) $(srcdir)/protos.H protos.h
+	$(LN_S) $(srcdir)/protos.hin protos.h
 
 netdb.h:
 	$(LN_S) $(srcdir)/netdb.x netdb.h
diff --git a/crypto/kerberosIV/include/config.h.in b/crypto/kerberosIV/include/config.h.in
index 3727ef140783..4995c27302b4 100644
--- a/crypto/kerberosIV/include/config.h.in
+++ b/crypto/kerberosIV/include/config.h.in
@@ -197,9 +197,6 @@
 /* Define if you have the getlogin function.  */
 #undef HAVE_GETLOGIN
 
-/* Define if you have the getmsg function.  */
-#undef HAVE_GETMSG
-
 /* Define if you have the getopt function.  */
 #undef HAVE_GETOPT
 
@@ -386,6 +383,9 @@
 /* Define if you have the socket function.  */
 #undef HAVE_SOCKET
 
+/* Define if you have the socklen_t function.  */
+#undef HAVE_SOCKLEN_T
+
 /* Define if you have the strcasecmp function.  */
 #undef HAVE_STRCASECMP
 
@@ -551,6 +551,9 @@
 /* Define if you have the <fnmatch.h> header file.  */
 #undef HAVE_FNMATCH_H
 
+/* Define if you have the <gdbm/ndbm.h> header file.  */
+#undef HAVE_GDBM_NDBM_H
+
 /* Define if you have the <grp.h> header file.  */
 #undef HAVE_GRP_H
 
@@ -1082,6 +1085,9 @@
 /* Define this to what the type ssize_t should be. */
 #undef ssize_t
 
+/* Define this to what the type sig_atomic_t should be. */
+#undef sig_atomic_t
+
 /* Define if struct sockaddr has field sa_len. */
 #undef HAVE_STRUCT_SOCKADDR_SA_LEN
 
diff --git a/crypto/kerberosIV/include/protos.hin b/crypto/kerberosIV/include/protos.hin
new file mode 100644
index 000000000000..c908f34d9e3c
--- /dev/null
+++ b/crypto/kerberosIV/include/protos.hin
@@ -0,0 +1,277 @@
+/* -*- C -*-
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * Add here functions that don't have a prototype on your system.
+ *
+ * $Id: protos.hin,v 1.46.2.1 2000/12/13 14:41:38 assar Exp $
+ */
+
+#ifdef NEED_CRYPT_PROTO
+char *crypt(const char*, const char*);
+#endif
+
+#ifdef NEED_STRTOK_R_PROTO
+char *strtok_r (char *s1, const char *s2, char **lasts);
+#endif
+
+#ifndef HAVE_OPTARG_DECLARATION
+extern char *optarg;
+#endif
+#ifndef HAVE_OPTERR_DECLARATION
+extern int opterr;
+#endif
+#ifndef HAVE_OPTIND_DECLARATION
+extern int optind;
+#endif
+#ifndef HAVE_OPTOPT_DECLARATION
+extern int optopt;
+#endif
+
+#if defined(__GNUC__) && SunOS == 4
+
+/* To get type fd_set */
+#include <sys/types.h>
+#include <sys/time.h>
+
+/* To get struct sockaddr, struct in_addr and struct hostent */
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <netdb.h>
+
+/* To get struct stat */
+#include <sys/stat.h>
+
+/* To get struct utimbuf */
+#include <utime.h>
+
+#if !defined(HAVE_ATEXIT) && defined(HAVE_ON_EXIT)
+#define atexit(X) on_exit(X, NULL)
+#define HAVE_ATEXIT 1
+#endif
+#ifdef NEED_UTIME_PROTO
+int utime(const char *, const struct utimbuf *);
+#endif
+int syscall(int, ...);
+pid_t getpid(void);
+int ftruncate(int, off_t);
+int fchmod(int, mode_t);
+int fchown(int fd, int owner, int group);
+int fsync(int);
+int seteuid(uid_t);
+int setreuid(int, int);
+int flock(int, int);
+int gettimeofday(struct timeval *tp, struct timezone *tzp);
+int lstat(const char *, struct stat *);
+int ioctl(int, int, void *); 
+int getpriority(int which, int who);
+int setpriority(int which, int who, int priority);
+int getdtablesize(void);
+int initgroups(const char *name, int basegid);
+long ulimit(int cmd, long newlimit);
+int vhangup(void);
+
+int sigblock(int);
+int sigsetmask(int);
+int setitimer(int which, struct itimerval *value, struct itimerval *ovalue);
+
+int munmap(caddr_t addr, int len);
+
+int socket(int, int, int);
+int setsockopt(int, int, int, void *, int);
+int bind(int, void *, int);
+int getsockname(int, struct sockaddr *, int *);
+int accept(int, struct sockaddr *, int *);
+int connect(int, struct sockaddr *, int);
+int listen(int, int);
+int recv(int s, void *buf, int len, int flags);
+int recvfrom(int, char *, int, int, void *, int *);
+int sendto(int, const char *, int, int, void *, int);
+int select(int, fd_set *, fd_set *, fd_set *, struct timeval *);
+int shutdown(int, int);
+int getpeername(int, struct sockaddr *, int *);
+int getsockopt(int, int, int, void *, int *);
+int send(int s, const void *msg, int len, int flags);
+struct strbuf;
+int getmsg(int fd, struct strbuf *ctlptr, struct strbuf *dataptr, int *flags);
+
+char *inet_ntoa(struct in_addr in);
+unsigned long inet_addr(const char *cp);
+int gethostname(char *, int);
+struct hostent *gethostbyname(const char *);
+int dn_expand(const u_char *msg,
+	      const u_char *eomorig,
+	      const u_char *comp_dn,
+	      char *exp_dn,
+	      int length);
+int res_search(const char *dname,
+	       int class,
+	       int type,
+	       u_char *answer,
+	       int anslen);
+
+int yp_get_default_domain (char **outdomain);
+int innetgr(const char *netgroup, const char *machine,
+	    const char *user, const char *domain);
+
+char *getwd(char *pathname);
+
+void bzero(char *b, int length);
+int strcasecmp(const char *, const char *);
+void swab(const char *, char *, int);
+int atoi(const char *str);
+char *mktemp(char *);
+void srandom(int seed);
+int random(void);
+
+int rcmd(char **, unsigned short, char *, char *, char *, int *);
+int rresvport(int *);
+int openlog(const char *ident, int logopt, int facility);
+int syslog(int priority, const char *message, ...);
+int ttyslot(void);
+
+char *getpass(const char *);
+
+char *getusershell(void);
+void setpwent();
+void endpwent();
+
+#include <stdio.h>
+int fclose(FILE *);
+
+#endif /* SunOS4 */
+
+#if SunOS == 5
+
+#include <sys/types.h>
+#include <sys/resource.h>
+
+char *getusershell(void);
+char *strtok_r(char *, const char *, char **);
+int getpriority (int which, id_t who);
+int setpriority (int which, id_t who, int prio);
+int getdtablesize (void);
+char *getusershell(void);
+void setusershell(void);
+void endusershell(void);
+
+#if defined(__GNUC__)
+
+int syscall(int, ...);
+int gethostname(char *, int);
+
+struct timeval;
+int gettimeofday(struct timeval *tp, void *);
+
+#endif
+#endif
+
+#if defined(__osf__) /* OSF/1 */
+
+#if 0
+/* To get type fd_set */
+#include <sys/types.h>
+#include <sys/time.h>
+
+int select(int, fd_set *, fd_set *, fd_set *, struct timeval *);
+int fsync(int fildes);
+int gethostname(char *address, int address_len);
+int setreuid(int ruid, int euid);
+int ioctl(int d, unsigned long request, void * arg);
+#endif
+int flock(int fildes, int operation);
+int syscall(int, ...);
+
+unsigned short htons(unsigned short hostshort);
+unsigned int   htonl(unsigned int hostint);
+unsigned short ntohs(unsigned short netshort);
+unsigned int   ntohl(unsigned int netint);
+
+char *mktemp(char *template);
+char *getusershell(void);
+
+int rcmd(char **, unsigned short, char *, char *, char *, int *);
+int rresvport (int *port);
+
+#endif /* OSF/1 */
+
+#if defined(__sgi)
+#include <sys/types.h>
+
+char *ptsname(int fd);
+struct spwd *getspuid(uid_t);
+#endif /* IRIX */
+
+#if defined(__GNUC__) && defined(_AIX) /* AIX */
+
+struct timeval;
+struct timezone;
+int gettimeofday (struct timeval *Tp, void *Tzp);
+
+#endif /* AIX */
+
+#if defined(__GNUC__) && defined(__hpux) /* HP-UX */
+
+int syscall(int, ...);
+
+int vhangup(void);
+
+char *ptsname(int fildes);
+
+void utmpname(const char *file);
+
+int innetgr(const char *netgroup, const char *machine,
+	    const char *user, const char *domain);
+
+int dn_comp(char *exp_dn, char *comp_dn, int length,
+	    char **dnptrs, char **lastdnptr);
+
+int res_query(char *dname, int class, int type,
+	      unsigned char *answer, int anslen);
+
+int dn_expand(char *msg, char *eomorig, char *comp_dn,
+	      char *exp_dn, int length);
+
+int res_search(char *dname, int class, int type,
+	       unsigned char *answer, int anslen);
+
+#endif /* HP-UX */
+
+#if defined(WIN32)	/* Visual C++ 4.0 (Windows95/NT) */
+
+int open(const char *, int, ...);
+int close(int);
+int	read(int, void *, unsigned int);
+int write(int, const void *, unsigned int);
+
+#endif /* WIN32 */
diff --git a/crypto/kerberosIV/kadmin/admin_server.c b/crypto/kerberosIV/kadmin/admin_server.c
index c1f2a8e25898..14347fd3677b 100644
--- a/crypto/kerberosIV/kadmin/admin_server.c
+++ b/crypto/kerberosIV/kadmin/admin_server.c
@@ -30,7 +30,7 @@ or implied warranty.
 
 #include "kadm_locl.h"
 
-RCSID("$Id: admin_server.c,v 1.49 1999/11/13 06:32:19 assar Exp $");
+RCSID("$Id: admin_server.c,v 1.49.2.2 2000/10/18 20:24:57 assar Exp $");
 
 /* Almost all procs and such need this, so it is global */
 admin_params prm;		/* The command line parameters struct */
@@ -39,8 +39,16 @@ admin_params prm;		/* The command line parameters struct */
 char *acldir = DEFAULT_ACL_DIR;
 static char krbrlm[REALM_SZ];
 
-static unsigned pidarraysize = 0;
-static int *pidarray = NULL;
+#define MAXCHILDREN 100
+
+struct child {
+    pid_t pid;
+    int pipe_fd;
+    int authenticated;
+};
+
+static unsigned nchildren = 0;
+static struct child children[MAXCHILDREN];
 
 static int exit_now = 0;
 
@@ -52,46 +60,26 @@ doexit(int sig)
     SIGRETURN(0);
 }
    
+static sig_atomic_t do_wait;
+
 static
 RETSIGTYPE
 do_child(int sig)
 {
-    int pid;
-    int i, j;
-
-    int status;
-
-    pid = wait(&status);
-
-    /* Reinstall signal handlers for SysV. Must be done *after* wait */
-    signal(SIGCHLD, do_child);
-
-    for (i = 0; i < pidarraysize; i++)
-	if (pidarray[i] == pid) {
-	    /* found it */
-	    for (j = i; j < pidarraysize-1; j++)
-		/* copy others down */
-		pidarray[j] = pidarray[j+1];
-	    pidarraysize--;
-	    if ((WIFEXITED(status) && WEXITSTATUS(status) != 0)
-		|| WIFSIGNALED(status))
-	      krb_log("child %d: termsig %d, retcode %d", pid,
-		  WTERMSIG(status), WEXITSTATUS(status));
-	    SIGRETURN(0);
-	}
-    krb_log("child %d not in list: termsig %d, retcode %d", pid,
-	WTERMSIG(status), WEXITSTATUS(status));
+    do_wait = 1;
     SIGRETURN(0);
 }
 
+
 static void
 kill_children(void)
 {
     int i;
 
-    for (i = 0; i < pidarraysize; i++) {
-	kill(pidarray[i], SIGINT);
-	krb_log("killing child %d", pidarray[i]);
+    for (i = 0; i < nchildren; i++) {
+	kill(children[i].pid, SIGINT);
+	close (children[i].pipe_fd);
+	krb_log("killing child %d", children[i].pid);
     }
 }
 
@@ -117,11 +105,6 @@ clear_secrets(void)
     server_parm.master_key_version = 0L;
 }
 
-#ifdef DEBUG
-#define cleanexit(code) {kerb_fini(); return;}
-#endif
-
-#ifndef DEBUG
 static void
 cleanexit(int val)
 {
@@ -129,10 +112,21 @@ cleanexit(int val)
     clear_secrets();
     exit(val);
 }
-#endif
+
+static RETSIGTYPE
+sigalrm(int sig)
+{
+    cleanexit(1);
+}
+
+/*
+ * handle the client on the socket `fd' from `who'
+ * `signal_fd' is a pipe on which to signal when the user has been
+ * authenticated
+ */
 
 static void
-process_client(int fd, struct sockaddr_in *who)
+process_client(int fd, struct sockaddr_in *who, int signal_fd)
 {
     u_char *dat;
     int dat_len;
@@ -142,6 +136,13 @@ process_client(int fd, struct sockaddr_in *who)
     des_cblock skey;
     int more;
     int status;
+    int authenticated = 0;
+
+    /* make this connection time-out after 1 second if the user has
+       not managed one transaction succesfully in kadm_ser_in */
+
+    signal(SIGALRM, sigalrm);
+    alarm(2);
 
 #if defined(SO_KEEPALIVE) && defined(HAVE_SETSOCKOPT)
     {
@@ -230,8 +231,19 @@ process_client(int fd, struct sockaddr_in *who)
     	if (exit_now) {
 	    cleanexit(0);
 	}
-	if ((retval = kadm_ser_in(&dat, &dat_len, errpkt)) != KADM_SUCCESS)
+	retval = kadm_ser_in(&dat, &dat_len, errpkt);
+
+	if (retval == KADM_SUCCESS) {
+	    if (!authenticated) {
+		unsigned char one = 1;
+
+		authenticated = 1;
+		alarm (0);
+		write (signal_fd, &one, 1);
+	    }
+	} else {
 	    krb_log("processing request: %s", error_message(retval));
+	}
     
 	/* kadm_ser_in did the processing and returned stuff in
 	   dat & dat_len , return the appropriate data */
@@ -255,6 +267,175 @@ process_client(int fd, struct sockaddr_in *who)
     /*NOTREACHED*/
 }
 
+static void
+accept_client (int admin_fd)
+{
+    int pipe_fd[2];
+    int addrlen;
+    struct sockaddr_in peer;
+    pid_t pid;
+    int peer_fd;
+
+    /* using up the maximum number of children, try to get rid
+       of one unauthenticated one */
+
+    if (nchildren >= MAXCHILDREN) {
+	int i, nunauth = 0;
+	int victim;
+
+	for (;;) {
+	    for (i = 0; i < nchildren; ++i)
+		if (children[i].authenticated == 0)
+		    ++nunauth;
+	    if (nunauth == 0)
+		return;
+
+	    victim = rand() % nchildren;
+	    if (children[victim].authenticated == 0) {
+		kill(children[victim].pid, SIGINT);
+		close(children[victim].pipe_fd);
+		for (i = victim; i < nchildren; ++i)
+		    children[i] = children[i + 1];
+		--nchildren;
+		break;
+	    }
+	}
+    }
+
+    /* accept the conn */
+    addrlen = sizeof(peer);
+    peer_fd = accept(admin_fd, (struct sockaddr *)&peer, &addrlen);
+    if (peer_fd < 0) {
+	krb_log("accept: %s",error_message(errno));
+	return;
+    }
+    if (pipe (pipe_fd) < 0) {
+	krb_log ("pipe: %s", error_message(errno));
+	return;
+    }
+
+    if (pipe_fd[0] >= FD_SETSIZE
+	|| pipe_fd[1] >= FD_SETSIZE) {
+	krb_log ("pipe fds too large");
+	close (pipe_fd[0]);
+	close (pipe_fd[1]);
+	return;
+    }
+
+    pid = fork ();
+
+    if (pid < 0) {
+	krb_log ("fork: %s", error_message(errno));
+	close (pipe_fd[0]);
+	close (pipe_fd[1]);
+	return;
+    }
+
+    if (pid != 0) {
+	/* parent */
+	/* fork succeded: keep tabs on child */
+	close(peer_fd);
+	children[nchildren].pid     = pid;
+	children[nchildren].pipe_fd = pipe_fd[0];
+	children[nchildren].authenticated = 0;
+	++nchildren;
+	close (pipe_fd[1]);
+
+    } else {
+	int i;
+
+	/* child */
+	close(admin_fd);
+	close(pipe_fd[0]);
+
+	for (i = 0; i < nchildren; ++i)
+	    close (children[i].pipe_fd);
+
+	/*
+	 * If we are multihomed we need to figure out which
+	 * local address that is used this time since it is
+	 * used in "direction" comparison.
+	 */
+	getsockname(peer_fd,
+		    (struct sockaddr *)&server_parm.admin_addr,
+		    &addrlen);
+	/* do stuff */
+	process_client (peer_fd, &peer, pipe_fd[1]);
+    }
+}
+
+/*
+ * handle data signaled from child `child' kadmind
+ */
+
+static void
+handle_child_signal (int child)
+{
+    int ret;
+    unsigned char data[1];
+
+    ret = read (children[child].pipe_fd, data, 1);
+    if (ret < 0) {
+	if (errno != EINTR)
+	    krb_log ("read from child %d: %s", child,
+		     error_message(errno));
+	return;
+    }
+    if (ret == 0) {
+	close (children[child].pipe_fd);
+	children[child].pipe_fd = -1;
+	return;
+    }
+    if (data)
+	children[child].authenticated = 1;
+}
+
+/*
+ * handle dead children
+ */
+
+static void
+handle_sigchld (void)
+{
+    pid_t pid;
+    int status;
+    int i, j;
+
+    for (;;) {
+	int found = 0;
+
+	pid = waitpid(-1, &status, WNOHANG|WUNTRACED);
+	if (pid == 0 || (pid < 0 && errno == ECHILD))
+	    break;
+	if (pid < 0) {
+	    krb_log("waitpid: %s", error_message(errno));
+	    break;
+	}
+	for (i = 0; i < nchildren; i++)
+	    if (children[i].pid == pid) {
+		/* found it */
+		close(children[i].pipe_fd);
+		for (j = i; j < nchildren; j++)
+		    /* copy others down */
+		    children[j] = children[j+1];
+		--nchildren;
+#if 0
+		if ((WIFEXITED(status) && WEXITSTATUS(status) != 0)
+		    || WIFSIGNALED(status))
+		    krb_log("child %d: termsig %d, retcode %d", pid,
+			    WTERMSIG(status), WEXITSTATUS(status));
+#endif
+		found = 1;
+	    }
+#if 0
+	if (!found)
+	    krb_log("child %d not in list: termsig %d, retcode %d", pid,
+		    WTERMSIG(status), WEXITSTATUS(status));
+#endif
+    }
+    do_wait = 0;
+}
+
 /*
 kadm_listen
 listen on the admin servers port for a request
@@ -264,11 +445,7 @@ kadm_listen(void)
 {
     int found;
     int admin_fd;
-    int peer_fd;
-    fd_set mask, readfds;
-    struct sockaddr_in peer;
-    int addrlen;
-    int pid;
+    fd_set readfds;
 
     signal(SIGINT, doexit);
     signal(SIGTERM, doexit);
@@ -282,9 +459,15 @@ kadm_listen(void)
 
     if ((admin_fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
 	return KADM_NO_SOCK;
+
+    if (admin_fd >= FD_SETSIZE) {
+	krb_log("admin_fd too big");
+	return KADM_NO_BIND;
+    }
+	
 #if defined(SO_REUSEADDR) && defined(HAVE_SETSOCKOPT)
     {
-      int one=1;
+      int one = 1;
       setsockopt(admin_fd, SOL_SOCKET, SO_REUSEADDR, (void *)&one,
 		 sizeof(one));
     }
@@ -292,76 +475,43 @@ kadm_listen(void)
     if (bind(admin_fd, (struct sockaddr *)&server_parm.admin_addr,
 	     sizeof(struct sockaddr_in)) < 0)
 	return KADM_NO_BIND;
-    listen(admin_fd, 1);
-    FD_ZERO(&mask);
-    FD_SET(admin_fd, &mask);
+    if (listen(admin_fd, SOMAXCONN) < 0)
+	return KADM_NO_BIND;
 
     for (;;) {				/* loop nearly forever */
+	int i;
+	int maxfd = -1;
+
 	if (exit_now) {
 	    clear_secrets();
 	    kill_children();
 	    return(0);
 	}
-	readfds = mask;
-	if ((found = select(admin_fd+1, &readfds, 0,
-			    0, (struct timeval *)0)) == 0)
-	    continue;			/* no things read */
+	if (do_wait)
+	    handle_sigchld ();
+
+	FD_ZERO(&readfds);
+	FD_SET(admin_fd, &readfds);
+	maxfd = max(maxfd, admin_fd);
+	for (i = 0; i < nchildren; ++i)
+	    if (children[i].pipe_fd >= 0) {
+		FD_SET(children[i].pipe_fd, &readfds);
+		maxfd = max(maxfd, children[i].pipe_fd);
+	    }
+
+	found = select(maxfd + 1, &readfds, NULL, NULL, NULL);
 	if (found < 0) {
 	    if (errno != EINTR)
 		krb_log("select: %s",error_message(errno));
 	    continue;
-	}      
-	if (FD_ISSET(admin_fd, &readfds)) {
-	    /* accept the conn */
-	    addrlen = sizeof(peer);
-	    if ((peer_fd = accept(admin_fd, (struct sockaddr *)&peer,
-				  &addrlen)) < 0) {
-		krb_log("accept: %s",error_message(errno));
-		continue;
-	    }
-#ifndef DEBUG
-	    /* if you want a sep daemon for each server */
-	    if ((pid = fork())) {
-		void *tmp;
-
-		/* parent */
-		if (pid < 0) {
-		    krb_log("fork: %s",error_message(errno));
-		    close(peer_fd);
-		    continue;
-		}
-		/* fork succeded: keep tabs on child */
-		close(peer_fd);
-		tmp = realloc(pidarray,
-			      (pidarraysize + 1) * sizeof(*pidarray));
-		if(tmp == NULL) {
-		    krb_log ("malloc: no memory. pid %u on its own",
-			     (unsigned)pid);
-		} else {
-		    pidarray = tmp;
-		    pidarray[pidarraysize++] = pid;
-		}
-	    } else {
-		/* child */
-		close(admin_fd);
-#endif /* DEBUG */
-		/*
-		 * If we are multihomed we need to figure out which
-		 * local address that is used this time since it is
-		 * used in "direction" comparison.
-		 */
-		getsockname(peer_fd,
-			    (struct sockaddr *)&server_parm.admin_addr,
-			    &addrlen);
-		/* do stuff */
-		process_client (peer_fd, &peer);
-#ifndef DEBUG
-	    }
-#endif
-	} else {
-	    krb_log("something else woke me up!");
-	    return(0);
 	}
+	if (FD_ISSET(admin_fd, &readfds)) 
+	    accept_client (admin_fd);
+	for (i = 0; i < nchildren; ++i)
+	    if (children[i].pipe_fd >= 0
+		&& FD_ISSET(children[i].pipe_fd, &readfds)) {
+		handle_child_signal (i);
+	    }
     }
     /*NOTREACHED*/
 }
diff --git a/crypto/kerberosIV/kuser/klist.c b/crypto/kerberosIV/kuser/klist.c
index e0476e0b6222..591ebd0a9ccd 100644
--- a/crypto/kerberosIV/kuser/klist.c
+++ b/crypto/kerberosIV/kuser/klist.c
@@ -22,7 +22,7 @@
 
 #include <parse_time.h>
 
-RCSID("$Id: klist.c,v 1.44.2.2 1999/12/07 00:20:43 assar Exp $");
+RCSID("$Id: klist.c,v 1.44.2.3 2000/10/18 20:38:29 assar Exp $");
 
 static int option_verbose = 0;
 
diff --git a/crypto/kerberosIV/lib/acl/Makefile.in b/crypto/kerberosIV/lib/acl/Makefile.in
index 2a781901cd2d..96d74240eaa0 100644
--- a/crypto/kerberosIV/lib/acl/Makefile.in
+++ b/crypto/kerberosIV/lib/acl/Makefile.in
@@ -1,5 +1,5 @@
 #
-# $Id: Makefile.in,v 1.29 1999/03/10 19:01:14 joda Exp $
+# $Id: Makefile.in,v 1.29.4.1 2000/06/23 03:20:00 assar Exp $
 #
 
 SHELL = /bin/sh
@@ -48,7 +48,7 @@ Wall:
 
 install: all
 	$(MKINSTALLDIRS) $(DESTDIR)$(libdir)
-	$(INSTALL_DATA) -m 0555 $(LIB) $(DESTDIR)$(libdir)/$(LIB)
+	$(INSTALL_DATA) $(LIB) $(DESTDIR)$(libdir)/$(LIB)
 
 uninstall:
 	rm -f $(DESTDIR)$(libdir)/$(LIB)
diff --git a/crypto/kerberosIV/lib/auth/afskauthlib/Makefile.in b/crypto/kerberosIV/lib/auth/afskauthlib/Makefile.in
index 2eb2576fe384..5e073af77c04 100644
--- a/crypto/kerberosIV/lib/auth/afskauthlib/Makefile.in
+++ b/crypto/kerberosIV/lib/auth/afskauthlib/Makefile.in
@@ -1,5 +1,5 @@
 #
-# $Id: Makefile.in,v 1.25 1999/11/15 10:20:46 assar Exp $
+# $Id: Makefile.in,v 1.25.2.1 2000/06/23 03:20:05 assar Exp $
 #
 
 SHELL = /bin/sh
@@ -54,7 +54,7 @@ Wall:
 install: all
 	$(MKINSTALLDIRS) $(DESTDIR)$(libdir)
 	-if test "$(LIB)" != ""; then \
-	 $(INSTALL_DATA) -m 0555 $(LIB) $(DESTDIR)$(libdir)/$(LIB) ; \
+	 $(INSTALL_DATA) $(LIB) $(DESTDIR)$(libdir)/$(LIB) ; \
 	fi
 
 uninstall:
diff --git a/crypto/kerberosIV/lib/auth/pam/Makefile.in b/crypto/kerberosIV/lib/auth/pam/Makefile.in
index b012fcd63ecf..4369532dac3a 100644
--- a/crypto/kerberosIV/lib/auth/pam/Makefile.in
+++ b/crypto/kerberosIV/lib/auth/pam/Makefile.in
@@ -1,5 +1,5 @@
 #
-# $Id: Makefile.in,v 1.25 1999/11/15 10:20:48 assar Exp $
+# $Id: Makefile.in,v 1.25.2.2 2000/12/07 16:44:11 assar Exp $
 #
 
 SHELL = /bin/sh
@@ -31,8 +31,8 @@ LD_FLAGS = @REAL_LD_FLAGS@
 LIB_res_search = @LIB_res_search@
 LIB_dn_expand = @LIB_dn_expand@
  
-@lib_deps_yes@LIB_DEPS = -L../../kafs -L../../krb -L../../des \
-@lib_deps_yes@	   -lkafs -lkrb -ldes \
+@lib_deps_yes@LIB_DEPS = ../../kafs/libkafs_pic.a \
+@lib_deps_yes@	         ../../krb/libkrb_pic.a ../../des/libdes_pic.a \
 @lib_deps_yes@     $(LIB_res_search) $(LIB_dn_expand) -lpam -lc
 @lib_deps_no@LIB_DEPS =
 
@@ -54,7 +54,7 @@ Wall:
 install: all
 	$(MKINSTALLDIRS) $(DESTDIR)$(libdir)
 	-if test "$(LIB)" != ""; then \
-	  $(INSTALL_DATA) -m 0555 $(LIB) $(DESTDIR)$(libdir)/$(LIB) ; \
+	  $(INSTALL_DATA) $(LIB) $(DESTDIR)$(libdir)/$(LIB) ; \
 	fi
 
 uninstall:
@@ -82,7 +82,6 @@ $(OBJECTS): ../../../include/config.h
 
 $(LIB): $(OBJECTS)
 	rm -f $@
-	$(LDSHARED) -o $@ $(OBJECTS) $(LD_FLAGS) $(LIB_DEPS)
-#	$(LINK) -shared -Wl,-x -o $(LIB) $(OBJECTS)  ../../kafs/libkafs.a ../../krb/libkrb.a ../../des/libdes.a
+	$(LDSHARED) -Wl,-Bsymbolic -o $@ $(OBJECTS) $(LD_FLAGS) $(LIB_DEPS)
 
 .PHONY: all Wall install uninstall check clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/lib/auth/pam/pam.c b/crypto/kerberosIV/lib/auth/pam/pam.c
index d919bf8f83b8..22dfc7459244 100644
--- a/crypto/kerberosIV/lib/auth/pam/pam.c
+++ b/crypto/kerberosIV/lib/auth/pam/pam.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -31,13 +31,9 @@
  * SUCH DAMAGE.
  */
 
-/* This code is extremely ugly, and would probably be better off
-   beeing completely rewritten */
-
-
 #ifdef HAVE_CONFIG_H
 #include<config.h>
-RCSID("$Id: pam.c,v 1.22 1999/12/02 16:58:37 joda Exp $");
+RCSID("$Id: pam.c,v 1.22.2.2 2000/10/13 15:41:09 assar Exp $");
 #endif
 
 #include <stdio.h>
@@ -46,198 +42,402 @@ RCSID("$Id: pam.c,v 1.22 1999/12/02 16:58:37 joda Exp $");
 #include <pwd.h>
 #include <unistd.h>
 #include <sys/types.h>
+#include <syslog.h>
 
-#define PAM_SM_AUTH
-#define PAM_SM_SESSION
 #include <security/pam_appl.h>
 #include <security/pam_modules.h>
+#ifndef PAM_AUTHTOK_RECOVERY_ERR /* Fix linsux typo. */
+#define PAM_AUTHTOK_RECOVERY_ERR PAM_AUTHTOK_RECOVER_ERR
+#endif
 
 #include <netinet/in.h>
 #include <krb.h>
 #include <kafs.h>
 
-static int
-cleanup(pam_handle_t *pamh, void *data, int error_code)
+#if 0
+/* Debugging PAM modules is a royal pain, truss helps. */
+#define DEBUG(msg) (access(msg " at line", __LINE__))
+#endif
+
+static void
+psyslog(int level, const char *format, ...)
 {
-    if(error_code != PAM_SUCCESS)
-	dest_tkt();
-    free(data);
-    return PAM_SUCCESS;
+  va_list args;
+  va_start(args, format);
+  openlog("pam_krb4", LOG_CONS|LOG_PID, LOG_AUTH);
+  vsyslog(level, format, args);
+  va_end(args);
+  closelog();
 }
 
-static int
-doit(pam_handle_t *pamh, char *name, char *inst, char *pwd, char *tkt)
+enum {
+  KRB4_DEBUG,
+  KRB4_USE_FIRST_PASS,
+  KRB4_TRY_FIRST_PASS,
+  KRB4_IGNORE_ROOT,
+  KRB4_NO_VERIFY,
+  KRB4_REAFSLOG,
+  KRB4_CTRLS			/* Number of ctrl arguments defined. */
+};
+
+#define KRB4_DEFAULTS  0
+
+static int ctrl_flags = KRB4_DEFAULTS;
+#define ctrl_on(x)  (krb4_args[x].flag & ctrl_flags)
+#define ctrl_off(x) (!ctrl_on(x))
+
+typedef struct
 {
-    char realm[REALM_SZ];
-    int ret;
-
-    pam_set_data(pamh, "KRBTKFILE", strdup(tkt), cleanup);
-    krb_set_tkt_string(tkt);
-	
-    krb_get_lrealm(realm, 1);
-    ret = krb_verify_user(name, inst, realm, pwd, KRB_VERIFY_SECURE, NULL);
-    memset(pwd, 0, strlen(pwd));
-    switch(ret){
-    case KSUCCESS:
-	return PAM_SUCCESS;
-    case KDC_PR_UNKNOWN:
-	return PAM_USER_UNKNOWN;
-    case SKDC_CANT:
-    case SKDC_RETRY:
-    case RD_AP_TIME:
-	return PAM_AUTHINFO_UNAVAIL;
-    default:
-	return PAM_AUTH_ERR;
+  const char *token;
+  unsigned int flag;
+} krb4_ctrls_t;
+
+static krb4_ctrls_t krb4_args[KRB4_CTRLS] =
+{
+  /* KRB4_DEBUG          */ { "debug",          0x01 },
+  /* KRB4_USE_FIRST_PASS */ { "use_first_pass", 0x02 },
+  /* KRB4_TRY_FIRST_PASS */ { "try_first_pass", 0x04 },
+  /* KRB4_IGNORE_ROOT    */ { "ignore_root",    0x08 },
+  /* KRB4_NO_VERIFY      */ { "no_verify",      0x10 },
+  /* KRB4_REAFSLOG       */ { "reafslog",       0x20 },
+};
+
+static void
+parse_ctrl(int argc, const char **argv)
+{
+  int i, j;
+
+  ctrl_flags = KRB4_DEFAULTS;
+  for (i = 0; i < argc; i++)
+    {
+      for (j = 0; j < KRB4_CTRLS; j++)
+	if (strcmp(argv[i], krb4_args[j].token) == 0)
+	  break;
+    
+      if (j >= KRB4_CTRLS)
+	psyslog(LOG_ALERT, "unrecognized option [%s]", *argv);
+      else
+	ctrl_flags |= krb4_args[j].flag;
     }
 }
 
-static int
-auth_login(pam_handle_t *pamh, int flags, char *user, struct pam_conv *conv)
+static void
+pdeb(const char *format, ...)
 {
-    int ret;
-    struct pam_message msg, *pmsg;
-    struct pam_response *resp;
-    char prompt[128];
-
-    pmsg = &msg;
-    msg.msg_style = PAM_PROMPT_ECHO_OFF;
-    snprintf(prompt, sizeof(prompt), "%s's Password: ", user);
-    msg.msg = prompt;
-
-    ret = conv->conv(1, (const struct pam_message**)&pmsg, 
-		     &resp, conv->appdata_ptr);
-    if(ret != PAM_SUCCESS)
-	return ret;
-    
+  va_list args;
+  if (ctrl_off(KRB4_DEBUG))
+    return;
+  va_start(args, format);
+  openlog("pam_krb4", LOG_CONS|LOG_PID, LOG_AUTH);
+  vsyslog(LOG_DEBUG, format, args);
+  va_end(args);
+  closelog();
+}
+
+#define ENTRY(func) pdeb("%s() flags = %d ruid = %d euid = %d", func, flags, getuid(), geteuid())
+
+static void
+set_tkt_string(uid_t uid)
+{
+  char buf[128];
+
+  snprintf(buf, sizeof(buf), "%s%u", TKT_ROOT, (unsigned)uid);
+  krb_set_tkt_string(buf);
+
+#if 0
+  /* pam_set_data+pam_get_data are not guaranteed to work, grr. */
+  pam_set_data(pamh, "KRBTKFILE", strdup(t), cleanup);
+  if (pam_get_data(pamh, "KRBTKFILE", (const void**)&tkt) == PAM_SUCCESS)
     {
-	char tkt[1024];
-	struct passwd *pw = getpwnam(user);
-
-	if(pw){
-	    snprintf(tkt, sizeof(tkt),
-		     "%s%u", TKT_ROOT, (unsigned)pw->pw_uid);
-	    ret = doit(pamh, user, "", resp->resp, tkt);
-	    if(ret == PAM_SUCCESS)
-		chown(tkt, pw->pw_uid, pw->pw_gid);
-	}else
-	    ret = PAM_USER_UNKNOWN;
-	memset(resp->resp, 0, strlen(resp->resp));
-	free(resp->resp);
-	free(resp);
+      pam_putenv(pamh, var);
+    }
+#endif
+
+  /* We don't want to inherit this variable.
+   * If we still do, it must have a sane value. */
+  if (getenv("KRBTKFILE") != 0)
+    {
+      char *var = malloc(sizeof(buf));
+      snprintf(var, sizeof(buf), "KRBTKFILE=%s", tkt_string());
+      putenv(var);
+      /* free(var); XXX */
     }
-    return ret;
 }
 
 static int
-auth_su(pam_handle_t *pamh, int flags, char *user, struct pam_conv *conv)
+verify_pass(pam_handle_t *pamh,
+	    const char *name,
+	    const char *inst,
+	    const char *pass)
 {
-    int ret;
-    struct passwd *pw;
-    struct pam_message msg, *pmsg;
-    struct pam_response *resp;
-    char prompt[128];
-    krb_principal pr;
-    
-    pr.realm[0] = 0;
-    ret = pam_get_user(pamh, &user, "login: ");
-    if(ret != PAM_SUCCESS)
-	return ret;
-    
-    pw = getpwuid(getuid());
-    if(strcmp(user, "root") == 0){
-	strlcpy(pr.name, pw->pw_name, sizeof(pr.name));
-	strlcpy(pr.instance, "root", sizeof(pr.instance));
-    }else{
-	strlcpy(pr.name, user, sizeof(pr.name));
-	pr.instance[0] = 0;
+  char realm[REALM_SZ];
+  int ret, krb_verify, old_euid, old_ruid;
+
+  krb_get_lrealm(realm, 1);
+  if (ctrl_on(KRB4_NO_VERIFY))
+    krb_verify = KRB_VERIFY_SECURE_FAIL;
+  else
+    krb_verify = KRB_VERIFY_SECURE;
+  old_ruid = getuid();
+  old_euid = geteuid();
+  setreuid(0, 0);
+  ret = krb_verify_user(name, inst, realm, pass, krb_verify, NULL);
+  pdeb("krb_verify_user(`%s', `%s', `%s', pw, %d, NULL) returns %s",
+       name, inst, realm, krb_verify,
+       krb_get_err_text(ret));
+  setreuid(old_ruid, old_euid);
+  if (getuid() != old_ruid || geteuid() != old_euid)
+    {
+      psyslog(LOG_ALERT , "setreuid(%d, %d) failed at line %d",
+	      old_ruid, old_euid, __LINE__);
+      exit(1);
     }
-    pmsg = &msg;
-    msg.msg_style = PAM_PROMPT_ECHO_OFF;
-    snprintf(prompt, sizeof(prompt), "%s's Password: ", krb_unparse_name(&pr));
-    msg.msg = prompt;
-
-    ret = conv->conv(1, (const struct pam_message**)&pmsg, 
-		     &resp, conv->appdata_ptr);
-    if(ret != PAM_SUCCESS)
-	return ret;
     
+  switch(ret) {
+  case KSUCCESS:
+    return PAM_SUCCESS;
+  case KDC_PR_UNKNOWN:
+    return PAM_USER_UNKNOWN;
+  case SKDC_CANT:
+  case SKDC_RETRY:
+  case RD_AP_TIME:
+    return PAM_AUTHINFO_UNAVAIL;
+  default:
+    return PAM_AUTH_ERR;
+  }
+}
+
+static int
+krb4_auth(pam_handle_t *pamh,
+	  int flags,
+	  const char *name,
+	  const char *inst,
+	  struct pam_conv *conv)
+{
+  struct pam_response *resp;
+  char prompt[128];
+  struct pam_message msg, *pmsg = &msg;
+  int ret;
+
+  if (ctrl_on(KRB4_TRY_FIRST_PASS) || ctrl_on(KRB4_USE_FIRST_PASS))
     {
-	char tkt[1024];
-
-	snprintf(tkt, sizeof(tkt),"%s_%s_to_%s",
-		 TKT_ROOT, pw->pw_name, user);
-	ret = doit(pamh, pr.name, pr.instance, resp->resp, tkt);
-	if(ret == PAM_SUCCESS)
-	    chown(tkt, pw->pw_uid, pw->pw_gid);
-	memset(resp->resp, 0, strlen(resp->resp));
-	free(resp->resp);
-	free(resp);
+      char *pass = 0;
+      ret = pam_get_item(pamh, PAM_AUTHTOK, (void **) &pass);
+      if (ret != PAM_SUCCESS)
+        {
+          psyslog(LOG_ERR , "pam_get_item returned error to get-password");
+          return ret;
+        }
+      else if (pass != 0 && verify_pass(pamh, name, inst, pass) == PAM_SUCCESS)
+	return PAM_SUCCESS;
+      else if (ctrl_on(KRB4_USE_FIRST_PASS))
+	return PAM_AUTHTOK_RECOVERY_ERR;       /* Wrong password! */
+      else
+	/* We tried the first password but it didn't work, cont. */;
     }
+
+  msg.msg_style = PAM_PROMPT_ECHO_OFF;
+  if (*inst == 0)
+    snprintf(prompt, sizeof(prompt), "%s's Password: ", name);
+  else
+    snprintf(prompt, sizeof(prompt), "%s.%s's Password: ", name, inst);
+  msg.msg = prompt;
+
+  ret = conv->conv(1, &pmsg, &resp, conv->appdata_ptr);
+  if (ret != PAM_SUCCESS)
     return ret;
+
+  ret = verify_pass(pamh, name, inst, resp->resp);
+  if (ret == PAM_SUCCESS)
+    {
+      memset(resp->resp, 0, strlen(resp->resp)); /* Erase password! */
+      free(resp->resp);
+      free(resp);
+    }
+  else
+    {
+      pam_set_item(pamh, PAM_AUTHTOK, resp->resp); /* Save password. */
+      /* free(resp->resp); XXX */
+      /* free(resp); XXX */
+    }
+  
+  return ret;
 }
 
 int
-pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
+pam_sm_authenticate(pam_handle_t *pamh,
+		    int flags,
+		    int argc,
+		    const char **argv)
 {
-    char *user;
-    int ret;
-    struct pam_conv *conv;
-    ret = pam_get_user(pamh, &user, "login: ");
-    if(ret != PAM_SUCCESS)
-	return ret;
+  char *user;
+  int ret;
+  struct pam_conv *conv;
+  struct passwd *pw;
+  uid_t uid = -1;
+  const char *name, *inst;
+  char realm[REALM_SZ];
+  realm[0] = 0;
+
+  parse_ctrl(argc, argv);
+  ENTRY("pam_sm_authenticate");
+
+  ret = pam_get_user(pamh, &user, "login: ");
+  if (ret != PAM_SUCCESS)
+    return ret;
+
+  if (ctrl_on(KRB4_IGNORE_ROOT) && strcmp(user, "root") == 0)
+    return PAM_AUTHINFO_UNAVAIL;
 
-    ret = pam_get_item(pamh, PAM_CONV, (void*)&conv);
-    if(ret != PAM_SUCCESS)
-	return ret;
+  ret = pam_get_item(pamh, PAM_CONV, (void*)&conv);
+  if (ret != PAM_SUCCESS)
+    return ret;
 
+  pw = getpwnam(user);
+  if (pw != 0)
+    {
+      uid = pw->pw_uid;
+      set_tkt_string(uid);
+    }
     
-    if(getuid() != geteuid())
-	return auth_su(pamh, flags, user, conv);
-    else
-	return auth_login(pamh, flags, user, conv);
+  if (strcmp(user, "root") == 0 && getuid() != 0)
+    {
+      pw = getpwuid(getuid());
+      if (pw != 0)
+	{
+	  name = strdup(pw->pw_name);
+	  inst = "root";
+	}
+    }
+  else
+    {
+      name = user;
+      inst = "";
+    }
+
+  ret = krb4_auth(pamh, flags, name, inst, conv);
+
+  /*
+   * The realm was lost inside krb_verify_user() so we can't simply do
+   * a krb_kuserok() when inst != "".
+   */
+  if (ret == PAM_SUCCESS && inst[0] != 0)
+    {
+      uid_t old_euid = geteuid();
+      uid_t old_ruid = getuid();
+
+      setreuid(0, 0);		/* To read ticket file. */
+      if (krb_get_tf_fullname(tkt_string(), 0, 0, realm) != KSUCCESS)
+	ret = PAM_SERVICE_ERR;
+      else if (krb_kuserok(name, inst, realm, user) != KSUCCESS)
+	{
+	  setreuid(0, uid);	/*  To read ~/.klogin. */
+	  if (krb_kuserok(name, inst, realm, user) != KSUCCESS)
+	    ret = PAM_PERM_DENIED;
+	}
+
+      if (ret != PAM_SUCCESS)
+	{
+	  dest_tkt();		/* Passwd known, ok to kill ticket. */
+	  psyslog(LOG_NOTICE,
+		  "%s.%s@%s is not allowed to log in as %s",
+		  name, inst, realm, user);
+	}
+
+      setreuid(old_ruid, old_euid);
+      if (getuid() != old_ruid || geteuid() != old_euid)
+	{
+	  psyslog(LOG_ALERT , "setreuid(%d, %d) failed at line %d",
+		  old_ruid, old_euid, __LINE__);
+	  exit(1);
+	}
+    }
+
+  if (ret == PAM_SUCCESS)
+    {
+      psyslog(LOG_INFO,
+	      "%s.%s@%s authenticated as user %s",
+	      name, inst, realm, user);
+      if (chown(tkt_string(), uid, -1) == -1)
+	{
+	  dest_tkt();
+	  psyslog(LOG_ALERT , "chown(%s, %d, -1) failed", tkt_string(), uid);
+	  exit(1);
+	}
+    }
+
+  /*
+   * Kludge alert!!! Sun dtlogin unlock screen fails to call
+   * pam_setcred(3) with PAM_REFRESH_CRED after a successful
+   * authentication attempt, sic.
+   *
+   * This hack is designed as a workaround to that problem.
+   */
+  if (ctrl_on(KRB4_REAFSLOG))
+    if (ret == PAM_SUCCESS)
+      pam_sm_setcred(pamh, PAM_REFRESH_CRED, argc, argv);
+  
+  return ret;
 }
 
 int 
 pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
 {
-    return PAM_SUCCESS;
-}
+  parse_ctrl(argc, argv);
+  ENTRY("pam_sm_setcred");
 
+  switch (flags & ~PAM_SILENT) {
+  case 0:
+  case PAM_ESTABLISH_CRED:
+    if (k_hasafs())
+      k_setpag();
+    /* Fall through, fill PAG with credentials below. */
+  case PAM_REINITIALIZE_CRED:
+  case PAM_REFRESH_CRED:
+    if (k_hasafs())
+      {
+	void *user = 0;
+
+	if (pam_get_item(pamh, PAM_USER, &user) == PAM_SUCCESS)
+	  {
+	    struct passwd *pw = getpwnam((char *)user);
+	    if (pw != 0)
+	      krb_afslog_uid_home(/*cell*/ 0,/*realm_hint*/ 0,
+				  pw->pw_uid, pw->pw_dir);
+	  }
+      }
+    break;
+  case PAM_DELETE_CRED:
+    dest_tkt();
+    if (k_hasafs())
+      k_unlog();
+    break;
+  default:
+    psyslog(LOG_ALERT , "pam_sm_setcred: unknown flags 0x%x", flags);
+    break;
+  }
+  
+  return PAM_SUCCESS;
+}
 
 int
 pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
 {
-    char *tkt, *var;
-    void *user;
-    const char *homedir = NULL;
-
-    if(pam_get_item (pamh, PAM_USER, &user) == PAM_SUCCESS) {
-	struct passwd *pwd;
+  parse_ctrl(argc, argv);
+  ENTRY("pam_sm_open_session");
 
-	pwd = getpwnam ((char *)user);
-	if (pwd != NULL)
-	    homedir = pwd->pw_dir;
-    }
-
-    pam_get_data(pamh, "KRBTKFILE", (const void**)&tkt);
-    var = malloc(strlen("KRBTKFILE=") + strlen(tkt) + 1);
-    strcpy(var, "KRBTKFILE=");
-    strcat(var, tkt);
-    putenv(var);
-    pam_putenv(pamh, var);
-    if(k_hasafs()){
-	k_setpag();
-	krb_afslog_home(0, 0, homedir);
-    }
-    return PAM_SUCCESS;
+  return PAM_SUCCESS;
 }
 
 
 int
-pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
+pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char**argv)
 {
-    dest_tkt();
-    if(k_hasafs())
-	k_unlog();
-    return PAM_SUCCESS;
+  parse_ctrl(argc, argv);
+  ENTRY("pam_sm_close_session");
+
+  /* This isn't really kosher, but it's handy. */
+  pam_sm_setcred(pamh, PAM_DELETE_CRED, argc, argv);
+
+  return PAM_SUCCESS;
 }
diff --git a/crypto/kerberosIV/lib/auth/pam/pam.conf.add b/crypto/kerberosIV/lib/auth/pam/pam.conf.add
index 42497d2b44a0..64a4915dbf48 100644
--- a/crypto/kerberosIV/lib/auth/pam/pam.conf.add
+++ b/crypto/kerberosIV/lib/auth/pam/pam.conf.add
@@ -1,8 +1,8 @@
 To enable PAM in dtlogin and /bin/login under SunOS 5.6 apply this patch:
 
 --- /etc/pam.conf.DIST	Mon Jul 20 15:37:46 1998
-+++ /etc/pam.conf	Tue Nov 30 18:47:22 1999
-@@ -4,12 +4,14 @@
++++ /etc/pam.conf	Tue Feb 15 19:39:12 2000
+@@ -4,15 +4,19 @@
  #
  # Authentication management
  #
@@ -17,12 +17,17 @@ To enable PAM in dtlogin and /bin/login under SunOS 5.6 apply this patch:
  dtlogin	auth required 	/usr/lib/security/pam_unix.so.1 
  #
  rsh	auth required	/usr/lib/security/pam_rhosts_auth.so.1
-@@ -24,6 +26,8 @@
++# Reafslog is for dtlogin lock display
++other	auth sufficient	/usr/athena/lib/pam_krb4.so reafslog
+ other	auth required	/usr/lib/security/pam_unix.so.1
+ #
+ # Account management
+@@ -24,6 +28,8 @@
  #
  # Session management
  #
-+dtlogin	session	required	/usr/athena/lib/pam_krb4.so
-+login	session	required	/usr/athena/lib/pam_krb4.so
++dtlogin	session required	/usr/athena/lib/pam_krb4.so
++login	session required	/usr/athena/lib/pam_krb4.so
  other	session required	/usr/lib/security/pam_unix.so.1 
  #
  # Password management
diff --git a/crypto/kerberosIV/lib/auth/sia/Makefile.in b/crypto/kerberosIV/lib/auth/sia/Makefile.in
index 69858bd60257..a17c3417a208 100644
--- a/crypto/kerberosIV/lib/auth/sia/Makefile.in
+++ b/crypto/kerberosIV/lib/auth/sia/Makefile.in
@@ -1,5 +1,5 @@
 #
-# $Id: Makefile.in,v 1.30 1999/11/15 10:20:50 assar Exp $
+# $Id: Makefile.in,v 1.30.2.1 2000/06/23 03:20:06 assar Exp $
 #
 
 SHELL = /bin/sh
@@ -57,7 +57,7 @@ Wall:
 install: all
 	$(MKINSTALLDIRS) $(DESTDIR)$(libdir)
 	-if test "$(LIB)" != ""; then \
-	  $(INSTALL_DATA) -m 0555 $(LIB) $(DESTDIR)$(libdir)/$(LIB) ; \
+	  $(INSTALL_DATA) $(LIB) $(DESTDIR)$(libdir)/$(LIB) ; \
 	fi
 
 uninstall:
diff --git a/crypto/kerberosIV/lib/auth/sia/sia.c b/crypto/kerberosIV/lib/auth/sia/sia.c
index 73cd53e7dced..979bb58bb81e 100644
--- a/crypto/kerberosIV/lib/auth/sia/sia.c
+++ b/crypto/kerberosIV/lib/auth/sia/sia.c
@@ -33,7 +33,7 @@
 
 #include "sia_locl.h"
 
-RCSID("$Id: sia.c,v 1.32 1999/10/03 15:49:36 joda Exp $");
+RCSID("$Id: sia.c,v 1.32.2.1 1999/12/20 09:49:30 joda Exp $");
 
 int 
 siad_init(void)
@@ -145,7 +145,7 @@ doauth(SIAENTITY *entity, int pkgind, char *name)
 	
 #ifdef SIA_KRB4
     snprintf(s->ticket, sizeof(s->ticket),
-	     TKT_ROOT "%u_%u", (unsigned)pwd->pw_uid, (unsigned)getpid());
+	     "%s%u_%u", TKT_ROOT, (unsigned)pwd->pw_uid, (unsigned)getpid());
     krb_get_lrealm(realm, 1);
     toname = name;
     toinst = "";
@@ -160,8 +160,8 @@ doauth(SIAENTITY *entity, int pkgind, char *name)
 	    SIA_DEBUG(("DEBUG", "failed to getpwuid(%u)", ouid));
 	    return SIADFAIL;
 	}
-	snprintf(s->ticket, sizeof(s->ticket), TKT_ROOT "_%s_to_%s_%d", 
-		 fpwd->pw_name, pwd->pw_name, getpid());
+	snprintf(s->ticket, sizeof(s->ticket), "%s_%s_to_%s_%d", 
+		 TKT_ROOT, fpwd->pw_name, pwd->pw_name, getpid());
 	if(strcmp(pwd->pw_name, "root") == 0){
 	    toname = fpwd->pw_name;
 	    toinst = pwd->pw_name;
@@ -454,7 +454,7 @@ init_change(sia_collect_func_t *collect, krb_principal *princ)
     if(ret != SIACOLSUCCESS)
 	return SIADFAIL;
     snprintf(tktstring, sizeof(tktstring), 
-	     TKT_ROOT "_cpw_%u", (unsigned)getpid());
+	     "%s_cpw_%u", TKT_ROOT, (unsigned)getpid());
     krb_set_tkt_string(tktstring);
     
     ret = krb_get_pw_in_tkt(princ->name, princ->instance, princ->realm, 
diff --git a/crypto/kerberosIV/lib/com_err/ChangeLog b/crypto/kerberosIV/lib/com_err/ChangeLog
new file mode 100644
index 000000000000..ea7a5f6d01ee
--- /dev/null
+++ b/crypto/kerberosIV/lib/com_err/ChangeLog
@@ -0,0 +1,106 @@
+1999-07-03  Assar Westerlund  <assar@sics.se>
+
+	* parse.y (statement): use asprintf
+
+1999-06-13  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in: make it solaris make vpath-safe
+
+Thu Apr  1 11:13:53 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* compile_et.c: use getargs
+
+Sat Mar 20 00:16:30 1999  Assar Westerlund  <assar@sics.se>
+
+	* compile_et.c: static-ize
+
+Thu Mar 18 11:22:13 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am: include Makefile.am.common
+
+Tue Mar 16 22:30:05 1999  Assar Westerlund  <assar@sics.se>
+
+	* parse.y: use YYACCEPT instead of return
+
+Sat Mar 13 22:22:56 1999  Assar Westerlund  <assar@sics.se>
+
+	* compile_et.c (generate_h): cast when calling is* to get rid of a
+ 	warning
+
+Thu Mar 11 15:00:51 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* parse.y: prototype for error_message
+
+Sun Nov 22 10:39:02 1998  Assar Westerlund  <assar@sics.se>
+
+	* compile_et.h: include ctype and roken
+
+	* compile_et.c: include err.h
+	(generate_h): remove unused variable
+
+	* Makefile.in (WFLAGS): set
+
+Fri Nov 20 06:58:59 1998  Assar Westerlund  <assar@sics.se>
+
+	* lex.l: undef ECHO to work around AIX lex bug
+
+Sun Sep 27 02:23:59 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* com_err.c (error_message): try to pass code to strerror, to see
+ 	if it might be an errno code (this if broken, but some MIT code
+ 	seems to expect this behaviour)
+
+Sat Sep 26 17:42:39 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* compile_et.c: <foo_err.h> -> "foo_err.h"
+
+Tue Jun 30 17:17:36 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in: add str{cpy,cat}_truncate
+
+Mon May 25 05:24:39 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in (clean): try to remove shared library debris
+
+Sun Apr 19 09:50:17 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in: add symlink magic for linux
+
+Sun Apr  5 09:22:11 1998  Assar Westerlund  <assar@sics.se>
+
+	* parse.y: define alloca to malloc in case we're using bison but
+ 	don't have alloca
+
+Tue Mar 24 05:13:01 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in: link with snprintf (From Derrick J Brashear
+ 	<shadow@dementia.org>)
+
+Fri Feb 27 05:01:42 1998  Assar Westerlund  <assar@sics.se>
+
+	* parse.y: initialize ec->next
+
+Thu Feb 26 02:22:25 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.am: @LEXLIB@
+
+Sat Feb 21 15:18:54 1998  assar westerlund  <assar@sics.se>
+
+	* Makefile.in: set YACC and LEX
+
+Tue Feb 17 22:20:27 1998  Bjoern Groenvall  <bg@sics.se>
+
+	* com_right.h: Change typedefs so that one may mix MIT compile_et
+ 	generated code with krb4 dito.
+
+Tue Feb 17 16:30:55 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* compile_et.c (generate): Always return a value.
+
+	* parse.y: Files don't have to end with `end'.
+
+Mon Feb 16 16:09:20 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* lex.l (getstring): Replace getc() with input().
+
+	* Makefile.am: Fixes for new compile_et.
diff --git a/crypto/kerberosIV/lib/com_err/Makefile.am b/crypto/kerberosIV/lib/com_err/Makefile.am
new file mode 100644
index 000000000000..2c7525b96d23
--- /dev/null
+++ b/crypto/kerberosIV/lib/com_err/Makefile.am
@@ -0,0 +1,24 @@
+# $Id: Makefile.am,v 1.23 1999/04/09 18:26:55 assar Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+YFLAGS = -d
+
+lib_LTLIBRARIES = libcom_err.la
+libcom_err_la_LDFLAGS = -version-info 1:0:0
+
+bin_PROGRAMS = compile_et
+
+include_HEADERS = com_err.h com_right.h
+
+compile_et_SOURCES = compile_et.c compile_et.h parse.y lex.l
+
+libcom_err_la_SOURCES = error.c com_err.c roken_rename.h
+
+CLEANFILES = lex.c parse.c parse.h
+
+$(compile_et_OBJECTS): parse.h
+
+compile_et_LDADD = \
+	$(LIB_roken) \
+	$(LEXLIB)
diff --git a/crypto/kerberosIV/lib/com_err/Makefile.in b/crypto/kerberosIV/lib/com_err/Makefile.in
new file mode 100644
index 000000000000..883b5225b46e
--- /dev/null
+++ b/crypto/kerberosIV/lib/com_err/Makefile.in
@@ -0,0 +1,151 @@
+#
+# $Id: Makefile.in,v 1.30.2.1 2000/10/10 14:34:33 assar Exp $
+#
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+CC = @CC@
+LINK = @LINK@
+AR = ar
+RANLIB = @RANLIB@
+LN_S = @LN_S@
+DEFS = @DEFS@ -DROKEN_RENAME
+CFLAGS = @CFLAGS@ $(WFLAGS)
+WFLAGS = @WFLAGS@
+LD_FLAGS = @LD_FLAGS@
+EXECSUFFIX=@EXECSUFFIX@
+
+YACC = @YACC@
+LEX = @LEX@
+
+INSTALL = @INSTALL@
+INSTALL_DATA	= @INSTALL_DATA@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+bindir = @bindir@
+includedir = @includedir@
+
+PICFLAGS = @PICFLAGS@
+ 
+LIB_DEPS = @lib_deps_yes@ -lc
+build_symlink_command   = @build_symlink_command@
+#install_symlink_command = @install_symlink_command@
+install_symlink_command = @true
+
+LIBNAME = $(LIBPREFIX)com_err
+#LIBEXT = @LIBEXT@ Always build archive library!
+LIBEXT = a
+SHLIBEXT = @SHLIBEXT@
+LIBPREFIX = @LIBPREFIX@
+LDSHARED = @LDSHARED@
+LIB = $(LIBNAME).$(LIBEXT)
+lib_LIBRARIES = $(LIBNAME).$(LIBEXT)
+bin_PROGRAMS = compile_et$(EXECSUFFIX)
+include_HEADERS = com_right.h com_err.h
+
+SOURCES = error.c com_err.c compile_et.c
+OBJECTS = error.o com_err.o $(LIBADD)
+EXTRA_SOURCES =
+LIBADD =
+
+all: $(lib_LIBRARIES) $(bin_PROGRAMS) $(include_HEADERS)
+
+Wall:
+	make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+	$(CC) -c $(DEFS) -I../../include -I. -I$(srcdir) $(CFLAGS) $(CPPFLAGS) $(PICFLAGS) $<
+
+install: all
+	$(MKINSTALLDIRS) $(DESTDIR)$(includedir)
+	@for i in $(include_HEADERS); do \
+	f=`basename $$i`; \
+	if test -f "$(srcdir)/$$f" ; then x="$(srcdir)/$$f"; \
+	else x="$$f"; fi ;\
+	echo "$(INSTALL_DATA) $$x $(DESTDIR)$(includedir)/$$f" ;\
+	$(INSTALL_DATA) $$x $(DESTDIR)$(includedir)/$$f ; done
+
+	$(MKINSTALLDIRS) $(DESTDIR)$(libdir)
+	@for i in $(lib_LIBRARIES); do \
+	echo "$(INSTALL) -m 0555 $$i $(DESTDIR)$(libdir)/$$i" ;\
+	$(INSTALL) -m 0555 $$i $(DESTDIR)$(libdir)/$$i ; done
+	@install_symlink_command@
+
+	$(MKINSTALLDIRS) $(DESTDIR)$(bindir)
+	@for i in $(bin_PROGRAMS); do \
+	echo "$(INSTALL) -m 0555 $$i $(DESTDIR)$(bindir)/$$i" ;\
+	$(INSTALL) -m 0555 $$i $(DESTDIR)$(bindir)/$$i ; done
+
+uninstall:
+	@for i in $(include_HEADERS); do \
+	f=`basename $$i`; \
+	echo "rm -f $(DESTDIR)$(includedir)/$$f" ;\
+	rm -f $(DESTDIR)$(includedir)/$$f ; done
+
+	@for i in $(lib_LIBRARIES); do \
+	echo "rm -f $(DESTDIR)$(libdir)/$$i" ;\
+	rm -f $(DESTDIR)$(libdir)/$$i ; done
+
+	@for i in $(bin_PROGRAMS); do \
+	echo "rm -f $(DESTDIR)$(bindir)/$$i" ;\
+	rm -f $(DESTDIR)$(bindir)/$$i ; done
+
+TAGS: $(SOURCES)
+	etags $(SOURCES)
+
+clean:
+	rm -f $(LIB) *.o *.a *.so *.so.* so_locations \
+	krb_err.c krb_err.h parse.h parse.c lex.c \
+	$(lib_LIBRARIES) $(bin_PROGRAMS) $(EXTRA_SOURCES)
+
+mostlyclean: clean
+
+distclean: clean
+	rm -f Makefile *.tab.c *~
+
+realclean: distclean
+	rm -f TAGS
+
+$(LIBNAME).a: $(OBJECTS)
+	rm -f $@
+	$(AR) cr $@ $(OBJECTS)
+	-$(RANLIB) $@
+
+$(LIBNAME).$(SHLIBEXT): $(OBJECTS)
+	rm -f $@
+	$(LDSHARED) -o $@ $(OBJECTS) $(LIB_DEPS)
+	@build_symlink_command@
+
+COBJ = compile_et.o parse.o lex.o
+
+$(COBJ): parse.h
+
+compile_et$(EXECSUFFIX): $(COBJ)
+	$(LINK) $(CFLAGS) -o $@ $(COBJ) -L../roken -lroken
+
+parse.c: parse.h
+parse.h: $(srcdir)/parse.y
+	$(YACC) -d $(srcdir)/parse.y
+	mv -f y.tab.h parse.h
+	mv -f y.tab.c parse.c
+
+lex.c: $(srcdir)/lex.l
+	$(LEX) $(srcdir)/lex.l
+	mv -f lex.yy.c lex.c
+
+snprintf.c:
+	$(LN_S) $(srcdir)/../roken/snprintf.c .
+
+strlcat.c:
+	$(LN_S) $(srcdir)/../roken/strlcat.c .
+
+strlcpy.c:
+	$(LN_S) $(srcdir)/../roken/strlcpy.c .
+
+.PHONY: all Wall install uninstall clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/lib/com_err/com_err.c b/crypto/kerberosIV/lib/com_err/com_err.c
new file mode 100644
index 000000000000..d945d1268438
--- /dev/null
+++ b/crypto/kerberosIV/lib/com_err/com_err.c
@@ -0,0 +1,151 @@
+/*
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: com_err.c,v 1.14.2.1 2000/06/23 03:22:13 assar Exp $");
+#endif
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <roken.h>
+#include "com_err.h"
+
+struct et_list *_et_list = NULL;
+
+
+const char *
+error_message (long code)
+{
+    static char msg[128];
+    const char *p = com_right(_et_list, code);
+    if (p == NULL)
+	p = strerror(code);
+    if (p != NULL && *p != '\0') {
+	strncpy(msg, p, sizeof(msg) - 1);
+	msg[sizeof(msg) - 1] = 0;
+    } else 
+	sprintf(msg, "Unknown error %ld", code);
+    return msg;
+}
+
+int
+init_error_table(const char **msgs, long base, int count)
+{
+    initialize_error_table_r(&_et_list, msgs, count, base);
+    return 0;
+}
+
+static void
+default_proc (const char *whoami, long code, const char *fmt, va_list args)
+{
+    if (whoami)
+      fprintf(stderr, "%s: ", whoami);
+    if (code)
+      fprintf(stderr, "%s ", error_message(code));
+    if (fmt)
+      vfprintf(stderr, fmt, args);
+    fprintf(stderr, "\r\n");	/* ??? */
+}
+
+static errf com_err_hook = default_proc;
+
+void 
+com_err_va (const char *whoami, 
+	    long code, 
+	    const char *fmt, 
+	    va_list args)
+{
+    (*com_err_hook) (whoami, code, fmt, args);
+}
+
+void
+com_err (const char *whoami,
+	 long code,
+	 const char *fmt, 
+	 ...)
+{
+    va_list ap;
+    va_start(ap, fmt);
+    com_err_va (whoami, code, fmt, ap);
+    va_end(ap);
+}
+
+errf
+set_com_err_hook (errf new)
+{
+    errf old = com_err_hook;
+
+    if (new)
+	com_err_hook = new;
+    else
+	com_err_hook = default_proc;
+    
+    return old;
+}
+
+errf
+reset_com_err_hook (void) 
+{
+    return set_com_err_hook(NULL);
+}
+
+#define ERRCODE_RANGE   8       /* # of bits to shift table number */
+#define BITS_PER_CHAR   6       /* # bits to shift per character in name */
+
+static const char char_set[] =
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_";
+
+static char buf[6];
+
+const char *
+error_table_name(int num)
+{
+    int ch;
+    int i;
+    char *p;
+
+    /* num = aa aaa abb bbb bcc ccc cdd ddd d?? ??? ??? */
+    p = buf;
+    num >>= ERRCODE_RANGE;
+    /* num = ?? ??? ??? aaa aaa bbb bbb ccc ccc ddd ddd */
+    num &= 077777777;
+    /* num = 00 000 000 aaa aaa bbb bbb ccc ccc ddd ddd */
+    for (i = 4; i >= 0; i--) {
+        ch = (num >> BITS_PER_CHAR * i) & ((1 << BITS_PER_CHAR) - 1);
+        if (ch != 0)
+            *p++ = char_set[ch-1];
+    }
+    *p = '\0';
+    return(buf);
+}
diff --git a/crypto/kerberosIV/lib/com_err/com_err.h b/crypto/kerberosIV/lib/com_err/com_err.h
new file mode 100644
index 000000000000..06373de37a5f
--- /dev/null
+++ b/crypto/kerberosIV/lib/com_err/com_err.h
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: com_err.h,v 1.4.2.1 2000/06/23 03:23:05 assar Exp $ */
+
+/* MIT compatible com_err library */
+
+#ifndef __COM_ERR_H__
+#define __COM_ERR_H__
+
+#include <com_right.h>
+
+typedef void (*errf) __P((const char *, long, const char *, va_list));
+
+const char * error_message __P((long));
+int init_error_table __P((const char**, long, int));
+
+void com_err_va __P((const char *, long, const char *, va_list));
+void com_err __P((const char *, long, const char *, ...));
+
+errf set_com_err_hook __P((errf));
+errf reset_com_err_hook __P((void));
+
+const char *error_table_name  __P((int num));
+
+#endif /* __COM_ERR_H__ */
diff --git a/crypto/kerberosIV/lib/com_err/com_right.h b/crypto/kerberosIV/lib/com_err/com_right.h
new file mode 100644
index 000000000000..e8c7488593e6
--- /dev/null
+++ b/crypto/kerberosIV/lib/com_err/com_right.h
@@ -0,0 +1,66 @@
+/*
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: com_right.h,v 1.9.2.1 2000/06/23 03:23:44 assar Exp $ */
+
+#ifndef __COM_RIGHT_H__
+#define __COM_RIGHT_H__
+
+#ifdef __STDC__
+#include <stdarg.h>
+#endif
+
+#ifndef __P
+#ifdef __STDC__
+#define __P(X) X
+#else
+#define __P(X) ()
+#endif
+#endif
+
+struct error_table {
+    char const * const * msgs;
+    long base;
+    int n_msgs;
+};
+struct et_list {
+    struct et_list *next;
+    struct error_table *table;
+};
+extern struct et_list *_et_list;
+
+const char *com_right __P((struct et_list *list, long code));
+void initialize_error_table_r __P((struct et_list **, const char **, int, long);)
+void free_error_table __P((struct et_list *));
+
+#endif /* __COM_RIGHT_H__ */
diff --git a/crypto/kerberosIV/lib/com_err/compile_et.c b/crypto/kerberosIV/lib/com_err/compile_et.c
new file mode 100644
index 000000000000..f982dcd5a5ff
--- /dev/null
+++ b/crypto/kerberosIV/lib/com_err/compile_et.c
@@ -0,0 +1,235 @@
+/*
+ * Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#undef ROKEN_RENAME
+#include "compile_et.h"
+#include <getarg.h>
+
+RCSID("$Id: compile_et.c,v 1.13 1999/12/02 16:58:38 joda Exp $");
+
+#include <roken.h>
+#include <err.h>
+#include "parse.h"
+
+int numerror;
+extern FILE *yyin;
+
+extern void yyparse(void);
+
+long base;
+int number;
+char *prefix;
+char *id_str;
+
+char name[128];
+char Basename[128];
+
+#ifdef YYDEBUG
+extern int yydebug = 1;
+#endif
+
+char *filename;
+char hfn[128];
+char cfn[128];
+
+struct error_code *codes = NULL;
+
+static int
+generate_c(void)
+{
+    int n;
+    struct error_code *ec;
+
+    FILE *c_file = fopen(cfn, "w");
+    if(c_file == NULL)
+	return 1;
+
+    fprintf(c_file, "/* Generated from %s */\n", filename);
+    if(id_str) 
+	fprintf(c_file, "/* %s */\n", id_str);
+    fprintf(c_file, "\n");
+    fprintf(c_file, "#include <stddef.h>\n");
+    fprintf(c_file, "#include <com_err.h>\n");
+    fprintf(c_file, "#include \"%s\"\n", hfn);
+    fprintf(c_file, "\n");
+
+    fprintf(c_file, "static const char *text[] = {\n");
+
+    for(ec = codes, n = 0; ec; ec = ec->next, n++) {
+	while(n < ec->number) {
+	    fprintf(c_file, "\t/* %03d */ \"Reserved %s error (%d)\",\n",
+		    n, name, n);
+	    n++;
+	    
+	}
+	fprintf(c_file, "\t/* %03d */ \"%s\",\n", ec->number, ec->string);
+    }
+
+    fprintf(c_file, "\tNULL\n");
+    fprintf(c_file, "};\n");
+    fprintf(c_file, "\n");
+    fprintf(c_file, 
+	    "void initialize_%s_error_table_r(struct et_list **list)\n", 
+	    name);
+    fprintf(c_file, "{\n");
+    fprintf(c_file, 
+	    "    initialize_error_table_r(list, text, "
+	    "%s_num_errors, ERROR_TABLE_BASE_%s);\n", name, name);
+    fprintf(c_file, "}\n");
+    fprintf(c_file, "\n");
+    fprintf(c_file, "void initialize_%s_error_table(void)\n", name);
+    fprintf(c_file, "{\n");
+    fprintf(c_file,
+	    "    init_error_table(text, ERROR_TABLE_BASE_%s, "
+	    "%s_num_errors);\n", name, name);
+    fprintf(c_file, "}\n");
+
+    fclose(c_file);
+    return 0;
+}
+
+static int
+generate_h(void)
+{
+    struct error_code *ec;
+    char fn[128];
+    FILE *h_file = fopen(hfn, "w");
+    char *p;
+
+    if(h_file == NULL)
+	return 1;
+
+    snprintf(fn, sizeof(fn), "__%s__", hfn);
+    for(p = fn; *p; p++)
+	if(!isalnum((unsigned char)*p))
+	    *p = '_';
+    
+    fprintf(h_file, "/* Generated from %s */\n", filename);
+    if(id_str) 
+	fprintf(h_file, "/* %s */\n", id_str);
+    fprintf(h_file, "\n");
+    fprintf(h_file, "#ifndef %s\n", fn);
+    fprintf(h_file, "#define %s\n", fn);
+    fprintf(h_file, "\n");
+    fprintf(h_file, "#include <com_right.h>\n");
+    fprintf(h_file, "\n");
+    fprintf(h_file, 
+	    "void initialize_%s_error_table_r(struct et_list **);\n",
+	    name);
+    fprintf(h_file, "\n");
+    fprintf(h_file, "void initialize_%s_error_table(void);\n", name);
+    fprintf(h_file, "#define init_%s_err_tbl initialize_%s_error_table\n", 
+	    name, name);
+    fprintf(h_file, "\n");
+    fprintf(h_file, "typedef enum %s_error_number{\n", name);
+    fprintf(h_file, "\tERROR_TABLE_BASE_%s = %ld,\n", name, base);
+    fprintf(h_file, "\t%s_err_base = %ld,\n", name, base);
+
+    for(ec = codes; ec; ec = ec->next) {
+	fprintf(h_file, "\t%s = %ld,\n", ec->name, base + ec->number);
+    }
+
+    fprintf(h_file, "\t%s_num_errors = %d\n", name, number);
+    fprintf(h_file, "} %s_error_number;\n", name);
+    fprintf(h_file, "\n");
+    fprintf(h_file, "#endif /* %s */\n", fn);
+
+
+    fclose(h_file);
+    return 0;
+}
+
+static int
+generate(void)
+{
+    return generate_c() || generate_h();
+}
+
+int version_flag;
+int help_flag;
+struct getargs args[] = {
+    { "version", 0, arg_flag, &version_flag },
+    { "help", 0, arg_flag, &help_flag }
+};
+int num_args = sizeof(args) / sizeof(args[0]);
+
+static void
+usage(int code)
+{
+    arg_printusage(args, num_args, NULL, "error-table");
+    exit(code);
+}
+
+int
+main(int argc, char **argv)
+{
+    char *p;
+    int optind = 0;
+
+    set_progname(argv[0]);
+    if(getarg(args, num_args, argc, argv, &optind))
+	usage(1);
+    if(help_flag)
+	usage(0);
+    if(version_flag) {
+	print_version(NULL);
+	exit(0);
+    }
+
+    if(optind == argc) 
+	usage(1);
+    filename = argv[optind];
+    yyin = fopen(filename, "r");
+    if(yyin == NULL)
+	err(1, "%s", filename);
+	
+    
+    p = strrchr(filename, '/');
+    if(p)
+	p++;
+    else
+	p = filename;
+    strncpy(Basename, p, sizeof(Basename));
+    Basename[sizeof(Basename) - 1] = '\0';
+    
+    Basename[strcspn(Basename, ".")] = '\0';
+    
+    snprintf(hfn, sizeof(hfn), "%s.h", Basename);
+    snprintf(cfn, sizeof(cfn), "%s.c", Basename);
+    
+    yyparse();
+    if(numerror)
+	return 1;
+
+    return generate();
+}
diff --git a/crypto/kerberosIV/lib/com_err/compile_et.h b/crypto/kerberosIV/lib/com_err/compile_et.h
new file mode 100644
index 000000000000..e9c5e7bbc8ee
--- /dev/null
+++ b/crypto/kerberosIV/lib/com_err/compile_et.h
@@ -0,0 +1,80 @@
+/*
+ * Copyright (c) 1998 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: compile_et.h,v 1.4 1999/12/02 16:58:38 joda Exp $ */
+
+#ifndef __COMPILE_ET_H__
+#define __COMPILE_ET_H__
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <ctype.h>
+
+#include <roken.h>
+
+extern long base;
+extern int number;
+extern char *prefix;
+extern char name[128];
+extern char *id_str;
+extern char *filename;
+extern int numerror;
+
+struct error_code {
+    unsigned number;
+    char *name;
+    char *string;
+    struct error_code *next, **tail;
+};
+
+extern struct error_code *codes;
+
+#define APPEND(L, V) 				\
+do {						\
+    if((L) == NULL) {				\
+	(L) = (V);				\
+	(L)->tail = &(V)->next;			\
+	(L)->next = NULL;			\
+    }else{					\
+	*(L)->tail = (V);			\
+	(L)->tail = &(V)->next;			\
+    }						\
+}while(0)
+
+#endif /* __COMPILE_ET_H__ */
diff --git a/crypto/kerberosIV/lib/com_err/error.c b/crypto/kerberosIV/lib/com_err/error.c
new file mode 100644
index 000000000000..d1220076d3da
--- /dev/null
+++ b/crypto/kerberosIV/lib/com_err/error.c
@@ -0,0 +1,91 @@
+/*
+ * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: error.c,v 1.14 1999/12/02 16:58:38 joda Exp $");
+#endif
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <com_right.h>
+
+const char *
+com_right(struct et_list *list, long code)
+{
+    struct et_list *p;
+    for (p = list; p; p = p->next) {
+	if (code >= p->table->base && code < p->table->base + p->table->n_msgs)
+	    return p->table->msgs[code - p->table->base];
+    }
+    return NULL;
+}
+
+struct foobar {
+    struct et_list etl;
+    struct error_table et;
+};
+
+void
+initialize_error_table_r(struct et_list **list, 
+			 const char **messages, 
+			 int num_errors,
+			 long base)
+{
+    struct et_list *et;
+    struct foobar *f;
+    for (et = *list; et; et = et->next)
+        if (et->table->msgs == messages)
+            return;
+    f = malloc(sizeof(*f));
+    if (f == NULL)
+        return;
+    et = &f->etl;
+    et->table = &f->et;
+    et->table->msgs = messages;
+    et->table->n_msgs = num_errors;
+    et->table->base = base;
+    et->next = *list;
+    *list = et;
+}
+			
+
+void
+free_error_table(struct et_list *et)
+{
+    while(et){
+	struct et_list *p = et;
+	et = et->next;
+	free(p);
+    }
+}
diff --git a/crypto/kerberosIV/lib/com_err/lex.l b/crypto/kerberosIV/lib/com_err/lex.l
new file mode 100644
index 000000000000..f5ee60ca8b40
--- /dev/null
+++ b/crypto/kerberosIV/lib/com_err/lex.l
@@ -0,0 +1,122 @@
+%{
+/*
+ * Copyright (c) 1998 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/*
+ * This is to handle the definition of this symbol in some AIX
+ * headers, which will conflict with the definition that lex will
+ * generate for it.  It's only a problem for AIX lex.
+ */
+
+#undef ECHO
+
+#include "compile_et.h"
+#include "parse.h"
+
+RCSID("$Id: lex.l,v 1.5 1999/12/02 16:58:38 joda Exp $");
+
+static unsigned lineno = 1;
+void error_message(char *, ...);
+int getstring(void);
+
+%}
+
+
+%%
+et			{ return ET; }
+error_table		{ return ET; }
+ec			{ return EC; }
+error_code		{ return EC; }
+prefix			{ return PREFIX; }
+index			{ return INDEX; }
+id			{ return ID; }
+end			{ return END; }
+[0-9]+			{ yylval.number = atoi(yytext); return NUMBER; }
+#[^\n]*			;
+[ \t]			;
+\n			{ lineno++; }
+\"			{ return getstring(); }
+[a-zA-Z0-9_]+		{ yylval.string = strdup(yytext); return STRING; }
+.			{ return *yytext; }
+%%
+
+#ifndef yywrap /* XXX */
+int
+yywrap () 
+{
+     return 1;
+}
+#endif
+
+int
+getstring(void)
+{
+    char x[128];
+    int i = 0;
+    int c;
+    int quote = 0;
+    while((c = input()) != EOF){
+	if(quote) {
+	    x[i++] = c;
+	    quote = 0;
+	    continue;
+	}
+	if(c == '\n'){
+	    error_message("unterminated string");
+	    lineno++;
+	    break;
+	}
+	if(c == '\\'){
+	    quote++;
+	    continue;
+	}
+	if(c == '\"')
+	    break;
+	x[i++] = c;
+    }
+    x[i] = '\0';
+    yylval.string = strdup(x);
+    return STRING;
+}
+
+void
+error_message (char *format, ...)
+{
+     va_list args;
+
+     va_start (args, format);
+     fprintf (stderr, "%s:%d:", filename, lineno);
+     vfprintf (stderr, format, args);
+     va_end (args);
+     numerror++;
+}
diff --git a/crypto/kerberosIV/lib/com_err/parse.y b/crypto/kerberosIV/lib/com_err/parse.y
new file mode 100644
index 000000000000..addf772f8262
--- /dev/null
+++ b/crypto/kerberosIV/lib/com_err/parse.y
@@ -0,0 +1,166 @@
+%{
+/*
+ * Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "compile_et.h"
+RCSID("$Id: parse.y,v 1.10 1999/12/02 16:58:38 joda Exp $");
+
+void yyerror (char *s);
+long name2number(const char *str);
+void error_message(char *, ...);
+
+extern char *yytext;
+
+/* This is for bison */
+
+#if !defined(alloca) && !defined(HAVE_ALLOCA)
+#define alloca(x) malloc(x)
+#endif
+
+%}
+
+%union {
+  char *string;
+  int number;
+}
+
+%token ET INDEX PREFIX EC ID END
+%token <string> STRING
+%token <number> NUMBER
+
+%%
+
+file		: /* */ 
+		| header statements
+		;
+
+header		: id et
+		| et
+		;
+
+id		: ID STRING
+		{
+		    id_str = $2;
+		}
+		;
+
+et		: ET STRING
+		{
+		    base = name2number($2);
+		    strncpy(name, $2, sizeof(name));
+		    name[sizeof(name) - 1] = '\0';
+		    free($2);
+		}
+		| ET STRING STRING
+		{
+		    base = name2number($2);
+		    strncpy(name, $3, sizeof(name));
+		    name[sizeof(name) - 1] = '\0';
+		    free($2);
+		    free($3);
+		}
+		;
+
+statements	: statement
+		| statements statement
+		;
+
+statement	: INDEX NUMBER 
+		{
+			number = $2;
+		}
+		| PREFIX STRING
+		{
+		    prefix = realloc(prefix, strlen($2) + 2);
+		    strcpy(prefix, $2);
+		    strcat(prefix, "_");
+		    free($2);
+		}
+		| PREFIX
+		{
+		    prefix = realloc(prefix, 1);
+		    *prefix = '\0';
+		}
+		| EC STRING ',' STRING
+		{
+		    struct error_code *ec = malloc(sizeof(*ec));
+
+		    ec->next = NULL;
+		    ec->number = number;
+		    if(prefix && *prefix != '\0') {
+			asprintf (&ec->name, "%s%s", prefix, $2);
+			free($2);
+		    } else
+			ec->name = $2;
+		    ec->string = $4;
+		    APPEND(codes, ec);
+		    number++;
+		}
+		| END
+		{
+			YYACCEPT;
+		}
+		;
+
+%%
+
+long
+name2number(const char *str)
+{
+    const char *p;
+    long base = 0;
+    const char *x = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+	"abcdefghijklmnopqrstuvwxyz0123456789_";
+    if(strlen(str) > 4) {
+	yyerror("table name too long");
+	return 0;
+    }
+    for(p = str; *p; p++){
+	char *q = strchr(x, *p);
+	if(q == NULL) {
+	    yyerror("invalid character in table name");
+	    return 0;
+	}
+	base = (base << 6) + (q - x) + 1;
+    }
+    base <<= 8;
+    if(base > 0x7fffffff)
+	base = -(0xffffffff - base + 1);
+    return base;
+}
+
+void
+yyerror (char *s)
+{
+     error_message ("%s\n", s);
+}
diff --git a/crypto/kerberosIV/lib/com_err/roken_rename.h b/crypto/kerberosIV/lib/com_err/roken_rename.h
new file mode 100644
index 000000000000..173c9a7d5ae9
--- /dev/null
+++ b/crypto/kerberosIV/lib/com_err/roken_rename.h
@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 1998 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: roken_rename.h,v 1.3 1999/12/02 16:58:38 joda Exp $ */
+
+#ifndef __roken_rename_h__
+#define __roken_rename_h__
+
+#endif /* __roken_rename_h__ */
diff --git a/crypto/kerberosIV/lib/kadm/Makefile.in b/crypto/kerberosIV/lib/kadm/Makefile.in
index ba97c5d755be..7f610c011def 100644
--- a/crypto/kerberosIV/lib/kadm/Makefile.in
+++ b/crypto/kerberosIV/lib/kadm/Makefile.in
@@ -1,5 +1,5 @@
 #
-# $Id: Makefile.in,v 1.47 1998/10/13 16:50:44 joda Exp $
+# $Id: Makefile.in,v 1.47.4.1 2000/06/23 03:20:01 assar Exp $
 #
 
 SHELL = /bin/sh
@@ -11,6 +11,7 @@ CC = @CC@
 LINK = @LINK@
 AR = ar
 RANLIB = @RANLIB@
+CP = cp
 LN_S = @LN_S@
 DEFS = @DEFS@ -DROKEN_RENAME
 CFLAGS = @CFLAGS@ $(WFLAGS)
@@ -66,7 +67,7 @@ Wall:
 
 install: all
 	$(MKINSTALLDIRS) $(DESTDIR)$(libdir)
-	$(INSTALL_DATA) -m 0555 $(LIB) $(DESTDIR)$(libdir)/$(LIB)
+	$(INSTALL_DATA)  $(LIB) $(DESTDIR)$(libdir)/$(LIB)
 	@install_symlink_command@
 	$(MKINSTALLDIRS) $(DESTDIR)$(includedir)
 	@for i in $(inc_DATA); do \
@@ -117,8 +118,8 @@ roken_rename.h:
 all-local: $(inc_DATA)
 	@for i in $(inc_DATA); do \
 		if cmp -s  $$i $(idir)/$$i 2> /dev/null ; then :; else\
-			echo " $(INSTALL_DATA) $$i $(idir)/$$i"; \
-			$(INSTALL_DATA) $$i $(idir)/$$i; \
+			echo " $(CP) $$i $(idir)/$$i"; \
+			$(CP) $$i $(idir)/$$i; \
 		fi ; \
 	done
 
diff --git a/crypto/kerberosIV/lib/kafs/ChangeLog b/crypto/kerberosIV/lib/kafs/ChangeLog
index c9cd032deb4b..43e93f6576ba 100644
--- a/crypto/kerberosIV/lib/kafs/ChangeLog
+++ b/crypto/kerberosIV/lib/kafs/ChangeLog
@@ -1,3 +1,13 @@
+2000-03-20  Assar Westerlund  <assar@sics.se>
+
+	* afssysdefs.h: make versions later than 5.7 of solaris also use
+	73
+
+2000-03-13  Assar Westerlund  <assar@sics.se>
+
+	* afssysdefs.h: add 230 for MacOS X per information from
+	<warner.c@apple.com>
+
 1999-11-22  Assar Westerlund  <assar@sics.se>
 
 	* afskrb5.c (afslog_uid_int): handle d->realm == NULL
diff --git a/crypto/kerberosIV/lib/kafs/Makefile.in b/crypto/kerberosIV/lib/kafs/Makefile.in
index cefca2954e14..1a60bf75c2b3 100644
--- a/crypto/kerberosIV/lib/kafs/Makefile.in
+++ b/crypto/kerberosIV/lib/kafs/Makefile.in
@@ -1,5 +1,5 @@
 #
-# $Id: Makefile.in,v 1.50 1999/09/16 20:41:46 assar Exp $
+# $Id: Makefile.in,v 1.50.2.2 2000/12/07 16:44:12 assar Exp $
 #
 
 SHELL = /bin/sh
@@ -58,8 +58,8 @@ Wall:
 install: all
 	$(MKINSTALLDIRS) $(DESTDIR)$(libdir)
 	@for i in $(LIB); do \
-	echo "$(INSTALL) -m 0555 $$i $(DESTDIR)$(libdir)/$$i" ;\
-	$(INSTALL) -m 0555 $$i $(DESTDIR)$(libdir)/$$i ; done
+	echo "$(INSTALL)  $$i $(DESTDIR)$(libdir)/$$i" ;\
+	$(INSTALL)  $$i $(DESTDIR)$(libdir)/$$i ; done
 	@install_symlink_command@
 
 uninstall:
@@ -83,13 +83,17 @@ distclean: clean
 realclean: distclean
 	rm -f TAGS
 
-$(LIBNAME).a: $(OBJECTS)
+$(LIBNAME)_pic.a: $(OBJECTS)
 	rm -f $@
 	$(AR) cr $@ $(OBJECTS)
 	-$(RANLIB) $@
 
+$(LIBNAME).a: $(OBJECTS)
+	rm -f $@
+	$(AR) cr $@ $(OBJECTS)
+	-$(RANLIB) $@
 
-$(LIBNAME).$(SHLIBEXT): $(OBJECTS)
+$(LIBNAME).$(SHLIBEXT): $(OBJECTS) $(LIBNAME)_pic.a
 	rm -f $@
 	$(LDSHARED) -o $@ $(OBJECTS) $(LIB_DEPS)
 	@build_symlink_command@
diff --git a/crypto/kerberosIV/lib/kafs/afskrb.c b/crypto/kerberosIV/lib/kafs/afskrb.c
index 805750dad605..ccfecb75d5c3 100644
--- a/crypto/kerberosIV/lib/kafs/afskrb.c
+++ b/crypto/kerberosIV/lib/kafs/afskrb.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -33,7 +33,7 @@
 
 #include "kafs_locl.h"
 
-RCSID("$Id: afskrb.c,v 1.13 1999/12/02 16:58:39 joda Exp $");
+RCSID("$Id: afskrb.c,v 1.13.2.1 2000/06/23 03:26:53 assar Exp $");
 
 struct krb_kafs_data {
     const char *realm;
@@ -69,13 +69,9 @@ afslog_uid_int(kafs_data *data,
 	return _kafs_afslog_all_local_cells (data, uid, homedir);
 
     /* Extract realm from ticket file. */
-    {
-        char name[ANAME_SZ], inst[INST_SZ];
-
-	ret = krb_get_default_principal(name, inst, realm);
-	if (ret != KSUCCESS)
-	    return ret;
-    }
+    ret = krb_get_tf_fullname(tkt_string(), NULL, NULL, realm);
+    if (ret != KSUCCESS)
+	return ret;
 
     ret = _kafs_get_cred(data, cell, realm_hint, realm, &c);
     
diff --git a/crypto/kerberosIV/lib/kafs/afssys.c b/crypto/kerberosIV/lib/kafs/afssys.c
index d49a65ac6c84..a45f4457eb55 100644
--- a/crypto/kerberosIV/lib/kafs/afssys.c
+++ b/crypto/kerberosIV/lib/kafs/afssys.c
@@ -33,7 +33,7 @@
 
 #include "kafs_locl.h"
 
-RCSID("$Id: afssys.c,v 1.65 1999/12/02 16:58:40 joda Exp $");
+RCSID("$Id: afssys.c,v 1.65.2.1 2000/06/23 03:27:23 assar Exp $");
 
 int _kafs_debug; /* this should be done in a better way */
 
@@ -113,6 +113,9 @@ map_syscall_name_to_number (const char *str, int *res)
     if (f == NULL)
 	return -1;
     while (fgets (buf, sizeof(buf), f) != NULL) {
+	if (buf[0] == '#')
+	    continue;
+
 	if (strncmp (str, buf, str_len) == 0) {
 	    char *begptr = buf + str_len;
 	    char *endptr;
diff --git a/crypto/kerberosIV/lib/kafs/afssysdefs.h b/crypto/kerberosIV/lib/kafs/afssysdefs.h
index 574b33f70af6..685e375816c1 100644
--- a/crypto/kerberosIV/lib/kafs/afssysdefs.h
+++ b/crypto/kerberosIV/lib/kafs/afssysdefs.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -31,7 +31,7 @@
  * SUCH DAMAGE.
  */
 
-/* $Id: afssysdefs.h,v 1.21 1999/12/02 16:58:40 joda Exp $ */
+/* $Id: afssysdefs.h,v 1.21.2.2 2000/03/26 20:10:11 assar Exp $ */
 
 /*
  * This section is for machines using single entry point AFS syscalls!
@@ -50,7 +50,7 @@
 #define AFS_SYSCALL	105
 #endif
 
-#if SunOS == 57
+#if SunOS >= 57
 #define AFS_SYSCALL	73
 #endif
 
@@ -82,6 +82,10 @@
 #define AFS_SYSCALL 210
 #endif
 
+#ifdef __APPLE__		/* MacOS X */
+#define AFS_SYSCALL 230
+#endif
+
 #ifdef SYS_afs_syscall
 #define AFS_SYSCALL3	SYS_afs_syscall
 #endif
diff --git a/crypto/kerberosIV/lib/kafs/dlfcn.c b/crypto/kerberosIV/lib/kafs/dlfcn.c
index e664fe3e5da6..728cf5cdd768 100644
--- a/crypto/kerberosIV/lib/kafs/dlfcn.c
+++ b/crypto/kerberosIV/lib/kafs/dlfcn.c
@@ -115,12 +115,12 @@ void *dlopen(const char *path, int mode)
 		}
 	if ((mp = (ModulePtr)calloc(1, sizeof(*mp))) == NULL) {
 		errvalid++;
-		snprintf (errbuf, "calloc: %s", strerror(errno));
+		snprintf (errbuf, sizeof(errbuf), "calloc: %s", strerror(errno));
 		return NULL;
 	}
 	if ((mp->name = strdup(path)) == NULL) {
 		errvalid++;
-		snprintf (errbuf, "strdup: %s", strerror(errno));
+		snprintf (errbuf, sizeof(errbuf), "strdup: %s", strerror(errno));
 		free(mp);
 		return NULL;
 	}
diff --git a/crypto/kerberosIV/lib/kdb/Makefile.in b/crypto/kerberosIV/lib/kdb/Makefile.in
index ac90e054cc57..119ff6bf1d3c 100644
--- a/crypto/kerberosIV/lib/kdb/Makefile.in
+++ b/crypto/kerberosIV/lib/kdb/Makefile.in
@@ -1,5 +1,5 @@
 #
-# $Id: Makefile.in,v 1.40 1999/03/10 19:01:15 joda Exp $
+# $Id: Makefile.in,v 1.40.4.1 2000/06/23 03:20:00 assar Exp $
 #
 
 SHELL = /bin/sh
@@ -54,7 +54,7 @@ Wall:
 
 install: all
 	$(MKINSTALLDIRS) $(DESTDIR)$(libdir)
-	$(INSTALL_DATA) -m 0555 $(LIB) $(DESTDIR)$(libdir)/$(LIB)
+	$(INSTALL_DATA)  $(LIB) $(DESTDIR)$(libdir)/$(LIB)
 	@install_symlink_command@
 
 uninstall:
diff --git a/crypto/kerberosIV/lib/krb/Makefile.in b/crypto/kerberosIV/lib/krb/Makefile.in
index 301a9af2c87c..2196db2d2c75 100644
--- a/crypto/kerberosIV/lib/krb/Makefile.in
+++ b/crypto/kerberosIV/lib/krb/Makefile.in
@@ -1,5 +1,5 @@
 #
-# $Id: Makefile.in,v 1.113 1999/11/25 05:26:26 assar Exp $
+# $Id: Makefile.in,v 1.113.2.2 2000/12/07 16:44:12 assar Exp $
 #
 SHELL = /bin/sh
 
@@ -10,6 +10,7 @@ CC = @CC@
 LINK = @LINK@
 AR = ar
 RANLIB = @RANLIB@
+CP = cp
 LN_S = @LN_S@
 DEFS = @DEFS@ -DROKEN_RENAME
 CFLAGS = @CFLAGS@ $(WFLAGS)
@@ -254,7 +255,7 @@ Wall:
 
 install: all
 	$(MKINSTALLDIRS) $(DESTDIR)$(libdir)
-	$(INSTALL_DATA) -m 0555 $(LIB) $(DESTDIR)$(libdir)/$(LIB)
+	$(INSTALL_DATA)  $(LIB) $(DESTDIR)$(libdir)/$(LIB)
 	@install_symlink_command@
 	$(MKINSTALLDIRS) $(DESTDIR)$(includedir)
 	@for i in $(inc_DATA); do \
@@ -291,12 +292,17 @@ distclean: clean
 realclean: distclean
 	rm -f TAGS
 
+$(LIBNAME)_pic.a: $(OBJECTS) $(SHLIB_LIBADD)
+	rm -f $@
+	$(AR) cr $@ $(OBJECTS) $(SHLIB_LIBADD)
+	-$(RANLIB) $@
+
 $(LIBNAME).a: $(OBJECTS)
 	rm -f $@
 	$(AR) cr $@ $(OBJECTS)
 	-$(RANLIB) $@
 
-$(LIBNAME).$(SHLIBEXT): $(OBJECTS) $(SHLIB_LIBADD)
+$(LIBNAME).$(SHLIBEXT): $(OBJECTS) $(SHLIB_LIBADD) $(LIBNAME)_pic.a
 	rm -f $@
 	$(LDSHARED) -o $@ $(OBJECTS) $(SHLIB_LIBADD) $(LIB_DEPS)
 	@build_symlink_command@
@@ -359,8 +365,8 @@ rw.o: ../../include/version.h
 all-local: $(inc_DATA)
 	@for i in $(inc_DATA); do \
 		if cmp -s  $$i $(idir)/$$i 2> /dev/null ; then :; else\
-			echo " $(INSTALL_DATA) $$i $(idir)/$$i"; \
-			$(INSTALL_DATA) $$i $(idir)/$$i; \
+			echo " $(CP) $$i $(idir)/$$i"; \
+			$(CP) $$i $(idir)/$$i; \
 		fi ; \
 	done
 
diff --git a/crypto/kerberosIV/lib/krb/dest_tkt.c b/crypto/kerberosIV/lib/krb/dest_tkt.c
index 0487e6b72386..4330df262606 100644
--- a/crypto/kerberosIV/lib/krb/dest_tkt.c
+++ b/crypto/kerberosIV/lib/krb/dest_tkt.c
@@ -21,7 +21,11 @@ or implied warranty.
 
 #include "krb_locl.h"
 
-RCSID("$Id: dest_tkt.c,v 1.11 1997/05/19 03:03:40 assar Exp $");
+RCSID("$Id: dest_tkt.c,v 1.11.14.2 2000/10/18 20:26:42 assar Exp $");
+
+#ifndef O_BINARY
+#define O_BINARY 0
+#endif
 
 /*
  * dest_tkt() is used to destroy the ticket store upon logout.
@@ -35,48 +39,70 @@ RCSID("$Id: dest_tkt.c,v 1.11 1997/05/19 03:03:40 assar Exp $");
 int
 dest_tkt(void)
 {
-    char *file = TKT_FILE;
-    int i,fd;
-    struct stat statb;
+    const char *filename = TKT_FILE;
+    int i, fd;
+    struct stat sb1, sb2;
     char buf[BUFSIZ];
+    int error = 0;
 
-    errno = 0;
-    if (
-#ifdef HAVE_LSTAT
-    lstat
-#else
-    stat
-#endif
-    (file, &statb) < 0)      
+    if (lstat (filename, &sb1) < 0) {
+	error = errno;
 	goto out;
+    }
 
-    if (!(statb.st_mode & S_IFREG)
-#ifdef notdef
-	|| statb.st_mode & 077
-#endif
-	)
+    fd = open (filename, O_RDWR | O_BINARY);
+    if (fd < 0) {
+	error = errno;
+	goto out;
+    }
+
+    if (unlink (filename) < 0) {
+	error = errno;
+	close(fd);
 	goto out;
+    }
 
-    if ((fd = open(file, O_RDWR, 0)) < 0)
+    if (fstat (fd, &sb2) < 0) {
+	error = errno;
+	close(fd);
 	goto out;
+    }
 
-    memset(buf, 0, BUFSIZ);
+    if (sb1.st_dev != sb2.st_dev || sb1.st_ino != sb2.st_ino) {
+	close (fd);
+	error = EPERM;
+	goto out;
+    }
+
+    if (sb2.st_nlink != 0) {
+	close (fd);
+	error = EPERM;
+	goto out;
+    }
 
-    for (i = 0; i < statb.st_size; i += sizeof(buf))
-	if (write(fd, buf, sizeof(buf)) != sizeof(buf)) {
+    for (i = 0; i < sb2.st_size; i += sizeof(buf)) {
+	int ret;
+	
+	ret = write(fd, buf, sizeof(buf));
+	if (ret != sizeof(buf)) {
+	    if (ret < 0)
+		error = errno;
+	    else
+		error = EINVAL;
 	    fsync(fd);
 	    close(fd);
 	    goto out;
 	}
-	
+    }
 
     fsync(fd);
     close(fd);
     
-    unlink(file);
-
 out:
-    if (errno == ENOENT) return RET_TKFIL;
-    else if (errno != 0) return KFAILURE;
-    return(KSUCCESS);
+    if (error == ENOENT)
+	return RET_TKFIL;
+    else if (error != 0)
+	return KFAILURE;
+    else
+	return(KSUCCESS);
 }
diff --git a/crypto/kerberosIV/lib/krb/extra.c b/crypto/kerberosIV/lib/krb/extra.c
index 0668e17836db..17193a477483 100644
--- a/crypto/kerberosIV/lib/krb/extra.c
+++ b/crypto/kerberosIV/lib/krb/extra.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998 Kungliga Tekniska Högskolan
+ * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "krb_locl.h"
 
-RCSID("$Id: extra.c,v 1.7 1999/12/02 16:58:41 joda Exp $");
+RCSID("$Id: extra.c,v 1.7.2.1 2000/12/07 16:06:09 assar Exp $");
 
 struct value {
     char *variable;
diff --git a/crypto/kerberosIV/lib/krb/get_default_principal.c b/crypto/kerberosIV/lib/krb/get_default_principal.c
index 47ad6b302aaa..860f237b5daa 100644
--- a/crypto/kerberosIV/lib/krb/get_default_principal.c
+++ b/crypto/kerberosIV/lib/krb/get_default_principal.c
@@ -33,7 +33,7 @@
 
 #include "krb_locl.h"
 
-RCSID("$Id: get_default_principal.c,v 1.14 1999/12/02 16:58:41 joda Exp $");
+RCSID("$Id: get_default_principal.c,v 1.14.2.1 2000/06/23 03:29:10 assar Exp $");
 
 int
 krb_get_default_principal(char *name, char *instance, char *realm)
@@ -42,8 +42,7 @@ krb_get_default_principal(char *name, char *instance, char *realm)
   int ret;
   char *p;
 
-  if ((file = getenv("KRBTKFILE")) == NULL)
-      file = TKT_FILE;  
+  file = tkt_string ();
   
   ret = krb_get_tf_fullname(file, name, instance, realm);
   if(ret == KSUCCESS)
diff --git a/crypto/kerberosIV/lib/krb/getaddrs.c b/crypto/kerberosIV/lib/krb/getaddrs.c
index d1576903bc80..80b72382a2e6 100644
--- a/crypto/kerberosIV/lib/krb/getaddrs.c
+++ b/crypto/kerberosIV/lib/krb/getaddrs.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -33,7 +33,7 @@
 
 #include "krb_locl.h"
 
-RCSID("$Id: getaddrs.c,v 1.28 1999/12/02 16:58:42 joda Exp $");
+RCSID("$Id: getaddrs.c,v 1.28.2.1 2000/06/23 03:29:53 assar Exp $");
 
 #if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
 #include <sys/ioctl.h>
@@ -100,7 +100,11 @@ k_get_all_addrs (struct in_addr **l)
 	 ifconf.ifc_len = in_len;
 	 ifconf.ifc_buf = inbuf;
 
-	 if(ioctl(fd, SIOCGIFCONF, &ifconf) < 0)
+	 /*
+	  * Solaris returns EINVAL when the buffer is too small.
+	  */
+
+	 if(ioctl(fd, SIOCGIFCONF, &ifconf) < 0 && errno != EINVAL)
 	     goto fail;
 	 if(ifconf.ifc_len + sizeof(ifreq) < in_len)
 	     break;
diff --git a/crypto/kerberosIV/lib/krb/getfile.c b/crypto/kerberosIV/lib/krb/getfile.c
index 99d0c3f5502b..7684aee9cc09 100644
--- a/crypto/kerberosIV/lib/krb/getfile.c
+++ b/crypto/kerberosIV/lib/krb/getfile.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -33,7 +33,7 @@
 
 #include "krb_locl.h"
 
-RCSID("$Id: getfile.c,v 1.5 1999/12/02 16:58:42 joda Exp $");
+RCSID("$Id: getfile.c,v 1.5.2.1 2000/12/07 17:04:48 assar Exp $");
 
 static int
 is_suid(void)
@@ -53,7 +53,7 @@ get_file(const char **files, int num, const char *file, char *buf, size_t len)
 {
     const char *p, **q;
     int i = 0;
-    if(!is_suid() && (p = getenv("KRBCONFDIR"))){
+    if(getuid() != 0 && !is_suid() && (p = getenv("KRBCONFDIR"))){
 	if(num == i){
 	    snprintf(buf, len, "%s/%s", p, file);
 	    return 0;
diff --git a/crypto/kerberosIV/lib/krb/kdc_reply.c b/crypto/kerberosIV/lib/krb/kdc_reply.c
index 2c940eca0a24..888ab160b780 100644
--- a/crypto/kerberosIV/lib/krb/kdc_reply.c
+++ b/crypto/kerberosIV/lib/krb/kdc_reply.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -33,7 +33,7 @@
 
 #include "krb_locl.h"
 
-RCSID("$Id: kdc_reply.c,v 1.12 1999/12/02 16:58:42 joda Exp $");
+RCSID("$Id: kdc_reply.c,v 1.12.2.2 2000/12/04 14:34:28 assar Exp $");
 
 static int little_endian; /* XXX ugly */
 
@@ -115,7 +115,10 @@ kdc_reply_cipher(KTEXT reply, KTEXT cip)
     if(type != AUTH_MSG_KDC_REPLY)
 	return INTK_PROT;
 
-    p += krb_get_nir(p, aname, inst, realm);
+    p += krb_get_nir(p,
+		     aname, sizeof(aname),
+		     inst, sizeof(inst),
+		     realm, sizeof(realm));
     p += krb_get_int(p, &kdc_time, 4, little_endian);
     p++; /* number of tickets */
     p += krb_get_int(p, &exp_date, 4, little_endian);
diff --git a/crypto/kerberosIV/lib/krb/krb-protos.h b/crypto/kerberosIV/lib/krb/krb-protos.h
index bb385d64a4d9..0fbf46abec29 100644
--- a/crypto/kerberosIV/lib/krb/krb-protos.h
+++ b/crypto/kerberosIV/lib/krb/krb-protos.h
@@ -31,7 +31,7 @@
  * SUCH DAMAGE. 
  */
 
-/* $Id: krb-protos.h,v 1.24 1999/12/02 16:58:42 joda Exp $ */
+/* $Id: krb-protos.h,v 1.24.2.1 2000/06/23 03:32:04 assar Exp $ */
 
 #ifndef __krb_protos_h__
 #define __krb_protos_h__
@@ -328,9 +328,9 @@ krb_get_lrealm __P((
 int KRB_LIB_FUNCTION
 krb_get_nir __P((
 	void *from,
-	char *name,
-	char *instance,
-	char *realm));
+	char *name, size_t name_len,
+	char *instance, size_t instance_len,
+	char *realm, size_t realm_len));
 
 char * KRB_LIB_FUNCTION
 krb_get_phost __P((const char *alias));
diff --git a/crypto/kerberosIV/lib/krb/logging.c b/crypto/kerberosIV/lib/krb/logging.c
index bac1c188143d..1044fac6c265 100644
--- a/crypto/kerberosIV/lib/krb/logging.c
+++ b/crypto/kerberosIV/lib/krb/logging.c
@@ -34,7 +34,7 @@
 #include "krb_locl.h"
 #include <klog.h>
 
-RCSID("$Id: logging.c,v 1.18 1999/12/02 16:58:42 joda Exp $");
+RCSID("$Id: logging.c,v 1.18.2.1 2000/10/13 15:57:34 assar Exp $");
 
 struct krb_log_facility {
     char filename[MaxPathLen]; 
@@ -53,6 +53,9 @@ krb_vlogger(struct krb_log_facility *f, const char *format, va_list args)
     else if (f->filename && f->filename[0])
 	file = fopen(f->filename, "a");
 
+    if (file == NULL)
+      return KFAILURE;
+
     ret = f->func(file, format, args);
 
     if (file != f->file)
diff --git a/crypto/kerberosIV/lib/krb/mk_safe.c b/crypto/kerberosIV/lib/krb/mk_safe.c
index 2e8c5c2acfe0..c0bbc9afe938 100644
--- a/crypto/kerberosIV/lib/krb/mk_safe.c
+++ b/crypto/kerberosIV/lib/krb/mk_safe.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -33,11 +33,20 @@
 
 #include "krb_locl.h"
 
-RCSID("$Id: mk_safe.c,v 1.25 1999/12/02 16:58:43 joda Exp $");
+RCSID("$Id: mk_safe.c,v 1.25.2.1 2000/10/10 13:19:25 assar Exp $");
 
 /* application include files */
 #include "krb-archaeology.h"
 
+#ifndef DES_QUAD_GUESS
+/* Temporary fixes for krb_{rd,mk}_safe */
+#define DES_QUAD_GUESS 0
+#define DES_QUAD_NEW 1
+#define DES_QUAD_OLD 2
+
+#define DES_QUAD_DEFAULT DES_QUAD_GUESS
+
+#endif /* DES_QUAD_GUESS */
 
 /* from rd_safe.c */
 extern int dqc_type;
diff --git a/crypto/kerberosIV/lib/krb/rd_req.c b/crypto/kerberosIV/lib/krb/rd_req.c
index 91b27a5498ce..4dca78e41af9 100644
--- a/crypto/kerberosIV/lib/krb/rd_req.c
+++ b/crypto/kerberosIV/lib/krb/rd_req.c
@@ -33,7 +33,7 @@
 
 #include "krb_locl.h"
 
-RCSID("$Id: rd_req.c,v 1.27.2.1 1999/12/06 22:04:36 assar Exp $");
+RCSID("$Id: rd_req.c,v 1.27.2.2 2000/06/23 04:00:20 assar Exp $");
 
 static struct timeval t_local = { 0, 0 };
 
@@ -141,7 +141,7 @@ krb_rd_req(KTEXT authent,	/* The received message */
 	   char *instance,	/* Service instance */
 	   int32_t from_addr,	/* Net address of originating host */
 	   AUTH_DAT *ad,	/* Structure to be filled in */
-	   char *fn)		/* Filename to get keys from */
+	   char *a_fn)		/* Filename to get keys from */
 {
     static KTEXT_ST ticket;     /* Temp storage for ticket */
     static KTEXT tkt = &ticket;
@@ -169,6 +169,8 @@ krb_rd_req(KTEXT authent,	/* The received message */
     int type;
     int little_endian;
 
+    const char *fn = a_fn;
+
     unsigned char *p;
 
     if (authent->length <= 0)
@@ -262,7 +264,10 @@ krb_rd_req(KTEXT authent,	/* The received message */
     /* cast req_id->length to int? */
 #define check_ptr() if ((ptr - (char *) req_id->dat) > req_id->length) return(RD_AP_MODIFIED);
 
-    p += krb_get_nir(p, r_aname, r_inst, r_realm); /* XXX no rangecheck */
+    p += krb_get_nir(p,
+		     r_aname, sizeof(r_aname),
+		     r_inst, sizeof(r_inst),
+		     r_realm, sizeof(r_realm));
 
     p += krb_get_int(p, &ad->checksum, 4, little_endian);
 
diff --git a/crypto/kerberosIV/lib/krb/rd_safe.c b/crypto/kerberosIV/lib/krb/rd_safe.c
index fd8f35ee4b91..1d536abdff84 100644
--- a/crypto/kerberosIV/lib/krb/rd_safe.c
+++ b/crypto/kerberosIV/lib/krb/rd_safe.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -33,11 +33,21 @@
 
 #include "krb_locl.h"
 
-RCSID("$Id: rd_safe.c,v 1.26 1999/12/02 16:58:43 joda Exp $");
+RCSID("$Id: rd_safe.c,v 1.26.2.1 2000/10/10 13:20:36 assar Exp $");
 
 /* application include files */
 #include "krb-archaeology.h"
 
+#ifndef DES_QUAD_GUESS
+/* Temporary fixes for krb_{rd,mk}_safe */
+#define DES_QUAD_GUESS 0
+#define DES_QUAD_NEW 1
+#define DES_QUAD_OLD 2
+
+#define DES_QUAD_DEFAULT DES_QUAD_GUESS
+
+#endif /* DES_QUAD_GUESS */
+
 /* Generate two checksums in the given byteorder of the data, one
  * new-form and one old-form. It has to be done this way to be
  * compatible with the old version of des_quad_cksum.
diff --git a/crypto/kerberosIV/lib/krb/roken_rename.h b/crypto/kerberosIV/lib/krb/roken_rename.h
index bae10983f3a7..7bd86e288622 100644
--- a/crypto/kerberosIV/lib/krb/roken_rename.h
+++ b/crypto/kerberosIV/lib/krb/roken_rename.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998 Kungliga Tekniska Högskolan
+ * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -31,7 +31,7 @@
  * SUCH DAMAGE. 
  */
 
-/* $Id: roken_rename.h,v 1.8 1999/12/02 16:58:44 joda Exp $ */
+/* $Id: roken_rename.h,v 1.8.2.1 2000/06/23 03:35:31 assar Exp $ */
 
 #ifndef __roken_rename_h__
 #define __roken_rename_h__
@@ -85,6 +85,12 @@
 #ifndef HAVE_STRDUP
 #define strdup _krb_strdup
 #endif
+#ifndef HAVE_STRLCAT
+#define strlcat _krb_strlcat
+#endif
+#ifndef HAVE_STRLCPY
+#define strlcpy _krb_strlcpy
+#endif
 #ifndef HAVE_STRNLEN
 #define strnlen _krb_strnlen
 #endif
@@ -95,4 +101,7 @@
 #define strtok_r _krb_strtok_r
 #endif
 
+#define dns_free_data _krb_dns_free_data
+#define dns_lookup _krb_dns_lookup
+
 #endif /* __roken_rename_h__ */
diff --git a/crypto/kerberosIV/lib/krb/rw.c b/crypto/kerberosIV/lib/krb/rw.c
index 88589c324602..5064a6f40a42 100644
--- a/crypto/kerberosIV/lib/krb/rw.c
+++ b/crypto/kerberosIV/lib/krb/rw.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -38,7 +38,7 @@
 
 #include "krb_locl.h"
 
-RCSID("$Id: rw.c,v 1.12 1999/12/02 16:58:44 joda Exp $");
+RCSID("$Id: rw.c,v 1.12.2.1 2000/06/23 03:37:33 assar Exp $");
 
 int
 krb_get_int(void *f, u_int32_t *to, int size, int lsb)
@@ -109,14 +109,17 @@ krb_get_string(void *from, char *to, size_t to_size)
 }
 
 int
-krb_get_nir(void *from, char *name, char *instance, char *realm)
+krb_get_nir(void *from,
+	    char *name, size_t name_len,
+	    char *instance, size_t instance_len,
+	    char *realm, size_t realm_len)
 {
     char *p = (char *)from;
 
-    p += krb_get_string(p, name, ANAME_SZ);
-    p += krb_get_string(p, instance, INST_SZ);
+    p += krb_get_string(p, name, name_len);
+    p += krb_get_string(p, instance, instance_len);
     if(realm)
-	p += krb_get_string(p, realm, REALM_SZ);
+	p += krb_get_string(p, realm, realm_len);
     return p - (char *)from;
 }
 
diff --git a/crypto/kerberosIV/lib/krb/send_to_kdc.c b/crypto/kerberosIV/lib/krb/send_to_kdc.c
index 74ac1bbdbe80..4fc2c956785e 100644
--- a/crypto/kerberosIV/lib/krb/send_to_kdc.c
+++ b/crypto/kerberosIV/lib/krb/send_to_kdc.c
@@ -22,7 +22,7 @@ or implied warranty.
 #include "krb_locl.h"
 #include <base64.h>
 
-RCSID("$Id: send_to_kdc.c,v 1.71 1999/11/25 02:20:53 assar Exp $");
+RCSID("$Id: send_to_kdc.c,v 1.71.2.1 2000/10/10 12:47:21 assar Exp $");
 
 struct host {
     struct sockaddr_in addr;
@@ -488,6 +488,12 @@ send_recv(KTEXT pkt, KTEXT rpkt, struct host *host)
 	timeout.tv_sec = client_timeout;
 	timeout.tv_usec = 0;
 	FD_ZERO(&readfds);
+	if (s >= FD_SETSIZE) {
+	    if (krb_debug)
+		krb_warning("fd too large\n");
+	    close (s);
+	    return FALSE;
+	}
 	FD_SET(s, &readfds);
 	
 	/* select - either recv is ready, or timeout */
diff --git a/crypto/kerberosIV/lib/krb/tf_util.c b/crypto/kerberosIV/lib/krb/tf_util.c
index 5528c4966e94..0d5361fd4954 100644
--- a/crypto/kerberosIV/lib/krb/tf_util.c
+++ b/crypto/kerberosIV/lib/krb/tf_util.c
@@ -21,7 +21,7 @@ or implied warranty.
         
 #include "krb_locl.h"
 
-RCSID("$Id: tf_util.c,v 1.39 1999/12/02 18:03:16 assar Exp $");
+RCSID("$Id: tf_util.c,v 1.39.2.2 2000/06/23 04:03:58 assar Exp $");
 
 
 #define TOO_BIG -1
diff --git a/crypto/kerberosIV/lib/krb/verify_user.c b/crypto/kerberosIV/lib/krb/verify_user.c
index 36c64d7892e1..24138e214b59 100644
--- a/crypto/kerberosIV/lib/krb/verify_user.c
+++ b/crypto/kerberosIV/lib/krb/verify_user.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -33,7 +33,7 @@
 
 #include "krb_locl.h"
 
-RCSID("$Id: verify_user.c,v 1.17.2.1 1999/12/06 22:57:17 assar Exp $");
+RCSID("$Id: verify_user.c,v 1.17.2.2 2000/12/15 14:43:37 assar Exp $");
 
 /*
  * Verify user (name.instance@realm) with `password'.
@@ -78,6 +78,7 @@ krb_verify_user_srvtab_exact(char *name,
 	
 	KTEXT_ST ticket;
 	AUTH_DAT auth;
+	int n;
 
 	char lrealm[REALM_SZ];
 	char hostname[MaxHostNameLen];
@@ -94,33 +95,31 @@ krb_verify_user_srvtab_exact(char *name,
 	    return -1;
 	}
 	memcpy(&addr, hp->h_addr, sizeof(addr));
-
-	ret = krb_get_lrealm(lrealm, 1);
-	if(ret != KSUCCESS){
-	    dest_tkt();
-	    return ret;
-	}
 	phost = krb_get_phost(hostname);
-	
 	if (linstance == NULL)
 	    linstance = "rcmd";
 
-	if(secure == KRB_VERIFY_SECURE_FAIL) {
-	    des_cblock key;
-	    ret = read_service_key(linstance, phost, lrealm, 0, srvtab, &key);
-	    memset(key, 0, sizeof(key));
-	    if(ret == KFAILURE)
-		return 0;
+	ret = KFAILURE;
+
+	for (n = 1; krb_get_lrealm(lrealm, n) == KSUCCESS; ++n) {
+	    if(secure == KRB_VERIFY_SECURE_FAIL) {
+		des_cblock key;
+		ret = read_service_key(linstance, phost, lrealm, 0, srvtab,
+				       &key);
+		memset(key, 0, sizeof(key));
+		if(ret == KFAILURE)
+		    continue;
+	    }
+
+	    ret = krb_mk_req(&ticket, linstance, phost, lrealm, 0);
+	    if(ret == KSUCCESS) {
+		ret = krb_rd_req(&ticket, linstance, phost, addr, &auth,
+				 srvtab);
+		if (ret == KSUCCESS)
+		    break;
+	    }
 	}
-	
-	ret = krb_mk_req(&ticket, linstance, phost, lrealm, 33);
-	if(ret != KSUCCESS){
-	    dest_tkt();
-	    return ret;
-	}
-	
-	ret = krb_rd_req(&ticket, linstance, phost, addr, &auth, srvtab);
-	if(ret != KSUCCESS){
+	if (ret != KSUCCESS) {
 	    dest_tkt();
 	    return ret;
 	}
diff --git a/crypto/kerberosIV/lib/roken/Makefile.in b/crypto/kerberosIV/lib/roken/Makefile.in
index 70563e4e3b74..e3afbae39666 100644
--- a/crypto/kerberosIV/lib/roken/Makefile.in
+++ b/crypto/kerberosIV/lib/roken/Makefile.in
@@ -1,5 +1,5 @@
 #
-# $Id: Makefile.in,v 1.73 1999/11/30 19:22:59 bg Exp $
+# $Id: Makefile.in,v 1.73.2.1 2000/06/23 04:37:43 assar Exp $
 #
 
 SHELL = /bin/sh
@@ -94,6 +94,7 @@ SOURCES = \
 	snprintf.c \
 	socket.c \
 	strcasecmp.c \
+	strcollect.c \
 	strdup.c \
 	strerror.c \
 	strftime.c \
@@ -148,6 +149,7 @@ OBJECTS = \
 	simple_exec.o \
 	snprintf.o \
 	socket.o \
+	strcollect.o \
 	tm2time.o \
 	verify.o \
 	warnerr.o \
diff --git a/crypto/kerberosIV/lib/roken/mini_inetd.c b/crypto/kerberosIV/lib/roken/mini_inetd.c
index a0c63330c56a..0d3b3b64f43c 100644
--- a/crypto/kerberosIV/lib/roken/mini_inetd.c
+++ b/crypto/kerberosIV/lib/roken/mini_inetd.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -33,7 +33,7 @@
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
-RCSID("$Id: mini_inetd.c,v 1.18 1999/12/02 16:58:51 joda Exp $");
+RCSID("$Id: mini_inetd.c,v 1.18.2.1 2000/10/10 13:22:33 assar Exp $");
 #endif
 
 #include <stdio.h>
@@ -162,12 +162,16 @@ mini_inetd (int port)
     sock_v4 = listen_v4 (port);
     if (sock_v4 >= 0) {
 	max_fd  = max(max_fd, sock_v4);
+	if (max_fd >= FD_SETSIZE)
+	    errx (1, "fd too large");
 	FD_SET(sock_v4, &orig_read_set);
     }
 #ifdef HAVE_IPV6
     sock_v6 = listen_v6 (port);
     if (sock_v6 >= 0) {
 	max_fd  = max(max_fd, sock_v6);
+	if (max_fd >= FD_SETSIZE)
+	    errx (1, "fd too large");
 	FD_SET(sock_v6, &orig_read_set);
     }
 #endif    
diff --git a/crypto/kerberosIV/lib/roken/print_version.c b/crypto/kerberosIV/lib/roken/print_version.c
index 809bbb3bb920..57f6bd297532 100644
--- a/crypto/kerberosIV/lib/roken/print_version.c
+++ b/crypto/kerberosIV/lib/roken/print_version.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
-RCSID("$Id: print_version.c,v 1.5 1999/12/02 16:58:51 joda Exp $");
+RCSID("$Id: print_version.c,v 1.5.2.1 2000/10/10 13:23:43 assar Exp $");
 #endif
 #include "roken.h"
 
@@ -72,7 +72,7 @@ print_version(const char *progname)
 	}
     }
     fprintf(stderr, "%s (%s)\n", progname, msg);
-    fprintf(stderr, "Copyright (c) 1999 Kungliga Tekniska Högskolan\n");
+    fprintf(stderr, "Copyright (c) 1999 - 2000 Kungliga Tekniska Högskolan\n");
     if(num_args != 0)
 	free(msg);
 }
diff --git a/crypto/kerberosIV/lib/roken/roken-common.h b/crypto/kerberosIV/lib/roken/roken-common.h
index 0bb648b07cf9..a57f54d5c715 100644
--- a/crypto/kerberosIV/lib/roken/roken-common.h
+++ b/crypto/kerberosIV/lib/roken/roken-common.h
@@ -31,7 +31,7 @@
  * SUCH DAMAGE.
  */
 
-/* $Id: roken-common.h,v 1.19 1999/12/02 16:58:52 joda Exp $ */
+/* $Id: roken-common.h,v 1.19.2.2 2000/08/16 03:37:26 assar Exp $ */
 
 #ifndef __ROKEN_COMMON_H__
 #define __ROKEN_COMMON_H__
@@ -100,6 +100,10 @@
 #define O_ACCMODE	003
 #endif
 
+#ifndef _PATH_DEV
+#define _PATH_DEV "/dev/"
+#endif
+
 #ifndef _PATH_DEVNULL
 #define _PATH_DEVNULL "/dev/null"
 #endif
@@ -252,4 +256,10 @@ socket_set_tos (int sock, int tos);
 void
 socket_set_reuseaddr (int sock, int val);
 
+char **
+vstrcollect(va_list *ap);
+
+char **
+strcollect(char *first, ...);
+ 
 #endif /* __ROKEN_COMMON_H__ */
diff --git a/crypto/kerberosIV/lib/roken/roken.h.in b/crypto/kerberosIV/lib/roken/roken.h.in
index 65263ba8a095..be0774e89e21 100644
--- a/crypto/kerberosIV/lib/roken/roken.h.in
+++ b/crypto/kerberosIV/lib/roken/roken.h.in
@@ -1,6 +1,6 @@
 /* -*- C -*- */
 /*
- * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -32,7 +32,7 @@
  * SUCH DAMAGE.
  */
 
-/* $Id: roken.h.in,v 1.125 1999/12/02 16:58:52 joda Exp $ */
+/* $Id: roken.h.in,v 1.125.2.4 2000/03/12 20:32:51 assar Exp $ */
 
 #include <stdio.h>
 #include <stdlib.h>
@@ -69,6 +69,9 @@
 #ifdef HAVE_NETINET6_IN6_H
 #include <netinet6/in6.h>
 #endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
 #ifdef HAVE_NETDB_H
 #include <netdb.h>
 #endif
@@ -427,40 +430,52 @@ struct hostent *
 copyhostent (const struct hostent *h);
 #endif
 
+#ifndef HAVE_SOCKLEN_T
+typedef int socklen_t;
+#endif
+
 #ifndef HAVE_STRUCT_SOCKADDR_STORAGE
 
 #ifndef HAVE_SA_FAMILY_T
 typedef unsigned short sa_family_t;
 #endif
 
+#ifdef HAVE_IPV6
+#define _SS_MAXSIZE sizeof(struct sockaddr_in6)
+#else
+#define _SS_MAXSIZE sizeof(struct sockaddr_in)
+#endif
+
+#define _SS_ALIGNSIZE	sizeof(unsigned long)
+
 #if HAVE_STRUCT_SOCKADDR_SA_LEN
 
+typedef unsigned char roken_sa_family_t;
+
+#define _SS_PAD1SIZE   ((2 * _SS_ALIGNSIZE - sizeof (roken_sa_family_t) - sizeof(unsigned char)) % _SS_ALIGNSIZE)
+#define _SS_PAD2SIZE   (_SS_MAXSIZE - (sizeof (roken_sa_family_t) + sizeof(unsigned char) + _SS_PAD1SIZE + _SS_ALIGNSIZE))
+
 struct sockaddr_storage {
     unsigned char	__ss_len;
-    sa_family_t		__ss_family;
-    char		pad[
-#ifdef HAVE_IPV6
-			    sizeof(struct sockaddr_in6)
-#else
-			    sizeof(struct sockaddr_in)
-#endif
-			   - sizeof(unsigned char) - sizeof(sa_family_t)];
+    roken_sa_family_t	__ss_family;
+    char		__ss_pad1[_SS_PAD1SIZE];
+    unsigned long	__ss_align[_SS_PAD2SIZE / sizeof(unsigned long) + 1];
 };
 
-#else
+#else /* !HAVE_STRUCT_SOCKADDR_SA_LEN */
+
+typedef unsigned short roken_sa_family_t;
+
+#define _SS_PAD1SIZE   ((2 * _SS_ALIGNSIZE - sizeof (roken_sa_family_t)) % _SS_ALIGNSIZE)
+#define _SS_PAD2SIZE   (_SS_MAXSIZE - (sizeof (roken_sa_family_t) + _SS_PAD1SIZE + _SS_ALIGNSIZE))
 
 struct sockaddr_storage {
-    sa_family_t		__ss_family;
-    char		pad[
-#ifdef HAVE_IPV6
-			    sizeof(struct sockaddr_in6)
-#else
-			    sizeof(struct sockaddr_in)
-#endif
-			    - sizeof(sa_family_t)];
+    roken_sa_family_t	__ss_family;
+    char		__ss_pad1[_SS_PAD1SIZE];
+    unsigned long	__ss_align[_SS_PAD2SIZE / sizeof(unsigned long) + 1];
 };
 
-#endif
+#endif /* HAVE_STRUCT_SOCKADDR_SA_LEN */
 
 #endif /* HAVE_STRUCT_SOCKADDR_STORAGE */
 
diff --git a/crypto/kerberosIV/lib/roken/signal.c b/crypto/kerberosIV/lib/roken/signal.c
index c26f72f12c5b..7f2ba290771d 100644
--- a/crypto/kerberosIV/lib/roken/signal.c
+++ b/crypto/kerberosIV/lib/roken/signal.c
@@ -33,7 +33,7 @@
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
-RCSID("$Id: signal.c,v 1.9 1999/12/02 16:58:52 joda Exp $");
+RCSID("$Id: signal.c,v 1.9.2.1 2000/03/12 19:36:16 assar Exp $");
 #endif
 
 #include <signal.h>
@@ -42,7 +42,7 @@ RCSID("$Id: signal.c,v 1.9 1999/12/02 16:58:52 joda Exp $");
  * We would like to always use this signal but there is a link error
  * on NEXTSTEP
  */
-#ifndef NeXT
+#if !defined(NeXT) && !defined(__APPLE__)
 /*
  * Bugs:
  *
diff --git a/crypto/kerberosIV/lib/roken/snprintf.c b/crypto/kerberosIV/lib/roken/snprintf.c
index 0333e8755e8e..8450e8b90e27 100644
--- a/crypto/kerberosIV/lib/roken/snprintf.c
+++ b/crypto/kerberosIV/lib/roken/snprintf.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995-1997, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995-2000 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -33,7 +33,7 @@
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
-RCSID("$Id: snprintf.c,v 1.24 1999/12/02 16:58:52 joda Exp $");
+RCSID("$Id: snprintf.c,v 1.24.2.1 2000/06/14 07:26:49 joda Exp $");
 #endif
 #include <stdio.h>
 #include <stdarg.h>
@@ -265,7 +265,7 @@ append_char(struct state *state,
 if (long_flag) \
      res = (unsig long)va_arg(arg, unsig long); \
 else if (short_flag) \
-     res = (unsig short)va_arg(arg, unsig short); \
+     res = (unsig short)va_arg(arg, unsig int); \
 else \
      res = (unsig int)va_arg(arg, unsig int)
 
diff --git a/crypto/kerberosIV/lib/roken/strcollect.c b/crypto/kerberosIV/lib/roken/strcollect.c
new file mode 100644
index 000000000000..a42f9046a714
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/strcollect.c
@@ -0,0 +1,96 @@
+/*
+ * Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: strcollect.c,v 1.1.8.1 2000/06/23 04:37:44 assar Exp $");
+#endif
+
+#include <stdarg.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <roken.h>
+
+enum { initial = 10, increment = 5 };
+
+static char **
+sub (char **argv, int i, int argc, va_list *ap)
+{
+    do {
+	if(i == argc) {
+	    /* realloc argv */
+	    char **tmp = realloc(argv, (argc + increment) * sizeof(*argv));
+	    if(tmp == NULL) {
+		free(argv);
+		errno = ENOMEM;
+		return NULL;
+	    }
+	    argv  = tmp;
+	    argc += increment;
+	}
+	argv[i++] = va_arg(*ap, char*);
+    } while(argv[i - 1] != NULL);
+    return argv;
+}
+
+/*
+ * return a malloced vector of pointers to the strings in `ap'
+ * terminated by NULL.
+ */
+
+char **
+vstrcollect(va_list *ap)
+{
+    return sub (NULL, 0, 0, ap);
+}
+
+/*
+ *
+ */
+
+char **
+strcollect(char *first, ...)
+{
+    va_list ap;
+    char **ret = malloc (initial * sizeof(char *));
+
+    if (ret == NULL)
+	return ret;
+
+    ret[0] = first;
+    va_start(ap, first);
+    ret = sub (ret, 1, initial, &ap);
+    va_end(ap);
+    return ret;
+}
diff --git a/crypto/kerberosIV/lib/roken/xdbm.h b/crypto/kerberosIV/lib/roken/xdbm.h
index 83885b3bfc1c..ebfb7d705417 100644
--- a/crypto/kerberosIV/lib/roken/xdbm.h
+++ b/crypto/kerberosIV/lib/roken/xdbm.h
@@ -31,7 +31,7 @@
  * SUCH DAMAGE.
  */
 
-/* $Id: xdbm.h,v 1.6 1999/12/02 16:58:54 joda Exp $ */
+/* $Id: xdbm.h,v 1.6.2.1 2000/08/16 04:11:29 assar Exp $ */
 
 /* Generic *dbm include file */
 
@@ -40,6 +40,8 @@
 
 #ifdef HAVE_NDBM_H
 #include <ndbm.h>
+#elif defined(HAVE_GDBM_NDBM_H)
+#include <gdbm/ndbm.h>
 #elif defined(HAVE_DBM_H)
 #include <dbm.h>
 #elif defined(HAVE_RPCSVC_DBM_H)
diff --git a/crypto/kerberosIV/lib/sl/Makefile.in b/crypto/kerberosIV/lib/sl/Makefile.in
index 6cdb8a6c80ff..3d605b0d4fc1 100644
--- a/crypto/kerberosIV/lib/sl/Makefile.in
+++ b/crypto/kerberosIV/lib/sl/Makefile.in
@@ -1,5 +1,5 @@
 #
-# $Id: Makefile.in,v 1.31 1999/03/10 19:01:17 joda Exp $
+# $Id: Makefile.in,v 1.31.16.2 2000/06/23 03:20:04 assar Exp $
 #
 
 SHELL = /bin/sh
@@ -31,6 +31,7 @@ libdir = @libdir@
 bindir = @bindir@
 includedir = @includedir@
 
+LIB_tgetent = @LIB_tgetent@
 LIB_DEPS = @lib_deps_yes@ @LIB_readline@ -lc
 build_symlink_command   = @build_symlink_command@
 install_symlink_command = @install_symlink_command@
@@ -52,11 +53,11 @@ LDSHARED = @LDSHARED@
 PROGS = mk_cmds$(EXECSUFFIX)
 
 LIB_SOURCES = sl.c ss.c
-EXTRA_SOURCES = strtok_r.c snprintf.c
+EXTRA_SOURCES = strtok_r.c snprintf.c strupr.c
 
 SOURCES = $(LIB_SOURCES) make_cmds.c $(EXTRA_SOURCES)
 
-LIBADD = strtok_r.o snprintf.o
+LIBADD = strtok_r.o snprintf.o strupr.o
 
 LIB_OBJECTS = sl.o ss.o $(LIBADD)
 
@@ -81,7 +82,7 @@ install: all
 	@install_symlink_command@
 	@install_symlink_command2@
 	$(MKINSTALLDIRS) $(DESTDIR)$(bindir)
-	$(INSTALL) -m 0555 $(PROGS) $(DESTDIR)$(bindir)/$(PROGS)
+	$(INSTALL)  $(PROGS) $(DESTDIR)$(bindir)/$(PROGS)
 
 uninstall:
 	rm -f $(DESTDIR)$(includedir)/ss/ss.h
@@ -135,5 +136,7 @@ strtok_r.c:
 	$(LN_S) $(srcdir)/../roken/strtok_r.c .
 snprintf.c:
 	$(LN_S) $(srcdir)/../roken/snprintf.c .
+strupr.c:
+	$(LN_S) $(srcdir)/../roken/strupr.c .
 
 .PHONY: all Wall install uninstall check clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/man/kinit.1 b/crypto/kerberosIV/man/kinit.1
index d8b4a27c6bff..d0eea5ea6bd2 100644
--- a/crypto/kerberosIV/man/kinit.1
+++ b/crypto/kerberosIV/man/kinit.1
@@ -1,4 +1,4 @@
-.\" $Id: kinit.1,v 1.4 1998/12/18 16:57:29 assar Exp $
+.\" $Id: kinit.1,v 1.4.4.1 2000/10/10 13:26:51 assar Exp $
 .\" Copyright 1989 by the Massachusetts Institute of Technology.
 .\"
 .\" For copying and distribution information,
@@ -30,23 +30,17 @@ see the
 .I kerberos(1)
 manual page.
 .PP
-If you are logged in to a workstation that is running the
-.I toehold
-service,
-you do not have to use
+If you are using a replaced
+.I login
+that already fetches tickets for you, you do not have to use
 .I kinit.
-The
-.I toehold
-login procedure will log you into
-Kerberos
-automatically.
 You will need to use
 .I kinit
 only in those situations in which
 your original tickets have expired.
 (Tickets expire in about a day.)
-Note as well that
-.I toehold
+Note as well that the modified
+.I login
 will automatically destroy your tickets when you logout from the workstation.
 .PP
 When you use
@@ -76,9 +70,9 @@ specifies your user identification number.
 .PP
 If you have logged in to
 Kerberos
-without the benefit of the workstation
-.I toehold
-system,
+without the benefit of the modified
+.I login
+program,
 make sure you use the
 .I kdestroy
 command to destroy any active tickets before you end your login session.
@@ -125,7 +119,7 @@ restrictions in Kerberos Version 4, this value must be between 5 and
 will acquires a ticket for changepw.kerberos.
 .SH SEE ALSO
 .PP
-kerberos(1), kdestroy(1), klist(1), toehold(1)
+kerberos(1), kdestroy(1), klist(1), login(1)
 .SH BUGS
 The
 .B \-r
diff --git a/crypto/kerberosIV/server/kerberos.c b/crypto/kerberosIV/server/kerberos.c
index 5ecc4f8b8ee9..c65946305786 100644
--- a/crypto/kerberosIV/server/kerberos.c
+++ b/crypto/kerberosIV/server/kerberos.c
@@ -9,7 +9,13 @@
 #include "config.h"
 #include "protos.h"
 
-RCSID("$Id: kerberos.c,v 1.87 1999/11/13 06:35:39 assar Exp $");
+RCSID("$Id: kerberos.c,v 1.87.2.3 2000/10/18 20:24:13 assar Exp $");
+
+/*
+ * If support for really large numbers of network interfaces is
+ * desired, define FD_SETSIZE to some suitable value.
+ */
+#define FD_SETSIZE (4*1024)
 
 #include <stdio.h>
 #include <stdlib.h>
@@ -298,10 +304,13 @@ kerberos(unsigned char *buf, int len,
     switch(msg_type){
     case AUTH_MSG_KDC_REQUEST:
 	/* XXX range check */
-	p += krb_get_nir(p, name, inst, realm);
+	p += krb_get_nir(p, name, sizeof(name),
+			 inst, sizeof(inst),
+			 realm, sizeof(realm));
 	p += krb_get_int(p, &req_time, 4, lsb);
 	life = *p++;
-	p += krb_get_nir(p, service, sinst, NULL);
+	p += krb_get_nir(p, service, sizeof(service),
+			 sinst, sizeof(sinst), NULL, 0);
 	klog(L_INI_REQ,
 	     "AS REQ %s.%s@%s for %s.%s from %s (%s/%u)", 
 	     name, inst, realm, service, sinst,
@@ -377,7 +386,8 @@ kerberos(unsigned char *buf, int len,
 	}
 	p += krb_get_int(p, &req_time, 4, lsb);
 	life = *p++;
-	p += krb_get_nir(p, service, sinst, NULL);
+	p += krb_get_nir(p, service, sizeof(service),
+			 sinst, sizeof(sinst), NULL, 0);
 	klog(L_APPL_REQ,
 	     "APPL REQ %s.%s@%s for %s.%s from %s (%s/%u)",
 	     ad.pname, ad.pinst, ad.prealm,
@@ -555,6 +565,10 @@ mksocket(struct descr *d, struct in_addr addr, int type,
     memset(d, 0, sizeof(struct descr));
     if ((sock = socket(AF_INET, type, 0)) < 0)
 	err (1, "socket");
+    if (sock >= FD_SETSIZE) {
+        errno = EMFILE;
+	errx(1, "Aborting: too many descriptors");
+    }
 #if defined(SO_REUSEADDR) && defined(HAVE_SETSOCKOPT)
     if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&on,
 		   sizeof(on)) < 0)
@@ -968,13 +982,24 @@ read_socket(struct descr *n)
     }
 }
 
+static fd_set readfds;
+
 static void
-loop(struct descr *fds, int nfds)
+loop(struct descr *fds, int base_nfds)
 {
+    int nfds = base_nfds;
+    int max_tcp = min(FD_SETSIZE, getdtablesize()) - fds[base_nfds - 1].s;
+    if (max_tcp <= 10) {
+        errno = EMFILE;
+ 	errx(1, "Aborting: too many descriptors");
+    }
+    max_tcp -= 10;		/* We need a few extra for DB, logs, etc. */
+    if (max_tcp > 100) max_tcp = 100; /* Keep to some sane limit. */
+
     for (;;) {
 	int ret;
-        fd_set readfds;
 	struct timeval tv;
+	int next_timeout = 10;	/* In seconds */
 	int maxfd = 0;
 	struct descr *n, *minfree;
 	int accepted; /* accept at most one socket per `round' */
@@ -997,12 +1022,15 @@ loop(struct descr *fds, int nfds)
 	    }
 	    FD_SET(n->s, &readfds);
 	    maxfd = max(maxfd, n->s);
+	    next_timeout = min(next_timeout, tv.tv_sec - n->timeout);
 	}
 	/* add more space for sockets */
-	if(minfree == NULL){
+	if (minfree == NULL && nfds < base_nfds + max_tcp) {
 	    int i = nfds;
 	    struct descr *new;
 	    nfds *=2;
+	    if (nfds > base_nfds + max_tcp)
+	        nfds = base_nfds + max_tcp;
 	    new = realloc(fds, sizeof(struct descr) * nfds);
 	    if(new){
 		fds = new;
@@ -1010,7 +1038,27 @@ loop(struct descr *fds, int nfds)
 		for(; i < nfds; i++) fds[i].s = -1;
 	    }
 	}
-	ret = select(maxfd + 1, &readfds, 0, 0, 0);
+	if (minfree == NULL) {
+	    /*
+	     * We are possibly the subject of a DOS attack, pick a TCP
+	     * connection at random and drop it.
+	     */
+	    int r = rand() % (nfds - base_nfds);
+	    r = r + base_nfds;
+	    FD_CLR(fds[r].s, &readfds);
+	    close(fds[r].s);
+	    fds[r].s = -1;
+	    minfree = &fds[r];
+	}
+	if (next_timeout < 0) next_timeout = 0;
+	tv.tv_sec = next_timeout;
+	tv.tv_usec = 0;
+	ret = select(maxfd + 1, &readfds, 0, 0, &tv);
+	if (ret < 0) {
+	    if (errno != EINTR)
+	        klog(L_KRB_PERR, "select: %s", strerror(errno));
+	  continue;
+	}
 	accepted = 0;
 	for (n = fds; n < fds + nfds; n++){
 	    if(n->s < 0) continue;
@@ -1022,8 +1070,7 @@ loop(struct descr *fds, int nfds)
 		    if(accepted) continue;
 		    accepted = 1;
 		    s = accept(n->s, NULL, 0);
-		    if(minfree == NULL){
-			kerb_err_reply(s, NULL, KFAILURE, "Out of memory");
+		    if (minfree == NULL || s >= FD_SETSIZE) {
 			close(s);
 		    }else{
 			minfree->s = s;