From cb974713c2dde56749592d21c0da2a5ad3092400 Mon Sep 17 00:00:00 2001 From: zacheiss Date: Mon, 4 May 2009 20:49:09 +0000 Subject: [PATCH] Build without krb4 if it's unavailable. --- clients/lib/member.c | 24 +++- clients/lib/utils.c | 1 - clients/mailmaint/mailmaint.c | 2 - clients/moira/namespace.c | 3 - clients/moira/user.c | 2 - configure | 204 ++++++++++++++++++++-------------- configure.in | 53 +++++---- gen/acl.pc | 3 +- gen/cups-print.pc | 4 +- gen/genacl.pc | 24 +++- include/moira.h | 3 + include/mr_krb.h | 20 ++++ include/update.h | 3 - incremental/Makefile.in | 9 +- incremental/afs/afs.c | 25 ++++- incremental/ldap/setpw.c | 2 + incremental/winad/setpw.c | 2 + lib/Makefile.in | 2 +- lib/kname_unparse.c | 5 +- lib/mr_auth.c | 6 + lib/mr_et.et | 3 + reg_svr/kerberos.c | 1 - reg_svr/reg_svr.pc | 10 +- server/mr_main.c | 13 ++- server/mr_sauth.c | 8 +- server/mr_server.h | 6 +- update/auth_002.c | 8 ++ update/auth_003.c | 13 ++- update/client.c | 8 ++ update/get_file.c | 13 +++ update/send_file.c | 15 +++ update/ticket.c | 14 +++ update/update_server.c | 6 + 33 files changed, 358 insertions(+), 157 deletions(-) create mode 100644 include/mr_krb.h diff --git a/clients/lib/member.c b/clients/lib/member.c index b7603b2b..6d643806 100644 --- a/clients/lib/member.c +++ b/clients/lib/member.c @@ -17,12 +17,10 @@ #include #include -#include +#include RCSID("$Header$"); -static char default_realm[REALM_SZ]; - int mrcl_validate_string_member(char *str) { char *p, *lname, *ret; @@ -69,6 +67,9 @@ int mrcl_validate_string_member(char *str) int mrcl_validate_kerberos_member(char *str, char **ret) { char *p; + int code = 0; + krb5_context context = NULL; + char *default_realm = NULL; mrcl_clear_message(); 
@@ -97,14 +98,27 @@ int mrcl_validate_kerberos_member(char *str, char **ret) return MRCL_SUCCESS; } - if (!*default_realm) - krb_get_lrealm(default_realm, 1); + code = krb5_init_context(&context); + if (!code) + goto out; + + code = krb5_get_default_realm(context, &default_realm); + if (!code) + goto out; *ret = malloc(strlen(str) + strlen(default_realm) + 2); sprintf(*ret, "%s@%s", str, default_realm); mrcl_set_message("Warning: default realm \"%s\" added to principal " "\"%s\"", default_realm, str); + + out: + if (default_realm) + free(default_realm); + if (context) + krb5_free_context(context); + if (!code) + return code; return MRCL_SUCCESS; } diff --git a/clients/lib/utils.c b/clients/lib/utils.c index 7399c94d..207e1bde 100644 --- a/clients/lib/utils.c +++ b/clients/lib/utils.c @@ -12,7 +12,6 @@ #include #include -#include #include #include diff --git a/clients/mailmaint/mailmaint.c b/clients/mailmaint/mailmaint.c index c72d2568..27ef2d7b 100644 --- a/clients/mailmaint/mailmaint.c +++ b/clients/mailmaint/mailmaint.c @@ -31,8 +31,6 @@ #include #endif -#include - #ifdef _WIN32 #define INPUT_MASK 0xff #ifdef getchar diff --git a/clients/moira/namespace.c b/clients/moira/namespace.c index 6020d8fe..ad6e748d 100644 --- a/clients/moira/namespace.c +++ b/clients/moira/namespace.c @@ -23,8 +23,6 @@ #include #include -#include - RCSID("$Header$"); static void ErrorExit(char *buf, int status); @@ -176,7 +174,6 @@ int main(int argc, char **argv) int status; Menu *menu; char *motd, **arg; - char pname[ANAME_SZ]; struct sigaction act; if (!(program_name = strrchr(argv[0], '/'))) diff --git a/clients/moira/user.c b/clients/moira/user.c index 0ed1762e..a37f93d8 100644 --- a/clients/moira/user.c +++ b/clients/moira/user.c @@ -25,8 +25,6 @@ #include #include -#include - RCSID("$Header$"); void CorrectCapitalization(char **name); diff --git a/configure b/configure index 39aac924..53b4896c 100755 --- a/configure +++ b/configure 
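Review bot: The error checks added to mrcl_validate_kerberos_member() in clients/lib/member.c are inverted: krb5_init_context() and krb5_get_default_realm() return 0 on success, so `if (!code) goto out;` leaves on success and falls through on failure. On success the function returns 0 without setting `*ret`; on failure it reaches `strlen(default_realm)` with a NULL pointer. The `malloc` result is also used unchecked, and the realm string is better released with `krb5_free_default_realm()` than with plain `free()`. The value returned on failure should follow whatever MRCL_* convention the callers expect, which is not visible in this hunk.

```c
  code = krb5_init_context(&context);
  if (code)
    goto out;

  code = krb5_get_default_realm(context, &default_realm);
  if (code)
    goto out;

  *ret = malloc(strlen(str) + strlen(default_realm) + 2);
  if (!*ret)
    {
      code = ENOMEM;
      goto out;
    }
  sprintf(*ret, "%s@%s", str, default_realm);
  /* … unchanged: mrcl_set_message warning … */

 out:
  if (default_realm)
    krb5_free_default_realm(context, default_realm);
  if (context)
    krb5_free_context(context);
  if (code)
    return code;
  return MRCL_SUCCESS;
```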
@@ -852,7 +852,7 @@ Optional Packages: --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) --with-com_err=PREFIX Specify location of com_err --with-krb4=PREFIX Specify location of krb4 - --with-krb5=PREFIX Specify location of krb5 (for reg_svr) + --with-krb5=PREFIX Specify location of krb5 --with-hesiod=PREFIX Specify location of Hesiod --with-zephyr=PREFIX Specify location of Zephyr --with-rsaref=PREFIX Specify location of RSAREF @@ -2554,20 +2554,6 @@ if test "$athena" = true; then - - case $CPPFLAGS in - *-I/usr/athena/include/kerberosIV*) ;; - *) CPPFLAGS=-I/usr/athena/include/kerberosIV\ $CPPFLAGS ;; - esac - - - case $PRO_C_INCLUDES in - *INCLUDE=/usr/athena/include/kerberosIV*) ;; - *) PRO_C_INCLUDES=INCLUDE=/usr/athena/include/kerberosIV\ $PRO_C_INCLUDES ;; - esac - - - case $LIBPATH in *-L/usr/athena/lib*) ;; *) LIBPATH=-L/usr/athena/lib\ $LIBPATH ;; 
@@ -3168,72 +3154,6 @@ fi; -# Kerberos (Kerberos 4 required, Kerberos 5 optional for reg_svr) -echo "$as_me:$LINENO: checking for Kerberos 4" >&5 -echo $ECHO_N "checking for Kerberos 4... $ECHO_C" >&6 - -# Check whether --with-krb4 or --without-krb4 was given. -if test "${with_krb4+set}" = set; then - withval="$with_krb4" - krb4="$withval" -else - krb4=no -fi; -echo "$as_me:$LINENO: result: $krb4" >&5 -echo "${ECHO_T}$krb4" >&6 -if test "$krb4" != yes; then - - - case $CPPFLAGS in - *-I$krb4/include*) ;; - *) CPPFLAGS=-I$krb4/include\ $CPPFLAGS ;; - esac - - - case $PRO_C_INCLUDES in - *INCLUDE=$krb4/include*) ;; - *) PRO_C_INCLUDES=INCLUDE=$krb4/include\ $PRO_C_INCLUDES ;; - esac - - - if test -d "$krb4/include/kerberosIV"; then - - - case $CPPFLAGS in - *-I$krb4/include/kerberosIV*) ;; - *) CPPFLAGS=-I$krb4/include/kerberosIV\ $CPPFLAGS ;; - esac - - - case $PRO_C_INCLUDES in - *INCLUDE=$krb4/include/kerberosIV*) ;; - *) PRO_C_INCLUDES=INCLUDE=$krb4/include/kerberosIV\ $PRO_C_INCLUDES ;; - esac - - - fi - - case $LIBPATH in - *-L$krb4/lib*) ;; - *) LIBPATH=-L$krb4/lib\ $LIBPATH ;; - esac - -elif test -d /usr/include/kerberosIV; then - - - case $CPPFLAGS in - *-I/usr/include/kerberosIV*) ;; - *) CPPFLAGS=-I/usr/include/kerberosIV\ $CPPFLAGS ;; - esac - - - case $PRO_C_INCLUDES in - *INCLUDE=/usr/include/kerberosIV*) ;; - *) PRO_C_INCLUDES=INCLUDE=/usr/include/kerberosIV\ $PRO_C_INCLUDES ;; - esac - - -fi echo "$as_me:$LINENO: checking for main in -lk5crypto" >&5 echo $ECHO_N "checking for main in -lk5crypto... $ECHO_C" >&6 if test "${ac_cv_lib_k5crypto_main+set}" = set; then 
@@ -3359,7 +3279,87 @@ fi fi -echo "$as_me:$LINENO: checking for krb_rd_req in -lkrb4" >&5 + +# Kerberos (Kerberos 4 optional, Kerberos 5 required) +echo "$as_me:$LINENO: checking for Kerberos 4" >&5 +echo $ECHO_N "checking for Kerberos 4... $ECHO_C" >&6 + +# Check whether --with-krb4 or --without-krb4 was given. +if test "${with_krb4+set}" = set; then + withval="$with_krb4" + krb4="$withval" +else + krb4=no +fi; +echo "$as_me:$LINENO: result: $krb4" >&5 +echo "${ECHO_T}$krb4" >&6 +if test "$krb4" != no; then + if test "$krb4" != yes; then + + + case $CPPFLAGS in + *-I$krb4/include*) ;; + *) CPPFLAGS=-I$krb4/include\ $CPPFLAGS ;; + esac + + + case $PRO_C_INCLUDES in + *INCLUDE=$krb4/include*) ;; + *) PRO_C_INCLUDES=INCLUDE=$krb4/include\ $PRO_C_INCLUDES ;; + esac + + + if test -d "$krb4/include/kerberosIV"; then + + + case $CPPFLAGS in + *-I$krb4/include/kerberosIV*) ;; + *) CPPFLAGS=-I$krb4/include/kerberosIV\ $CPPFLAGS ;; + esac + + + case $PRO_C_INCLUDES in + *INCLUDE=$krb4/include/kerberosIV*) ;; + *) PRO_C_INCLUDES=INCLUDE=$krb4/include/kerberosIV\ $PRO_C_INCLUDES ;; + esac + + + fi + + case $LIBPATH in + *-L$krb4/lib*) ;; + *) LIBPATH=-L$krb4/lib\ $LIBPATH ;; + esac + + elif test -d /usr/include/kerberosIV; then + + + case $CPPFLAGS in + *-I/usr/include/kerberosIV*) ;; + *) CPPFLAGS=-I/usr/include/kerberosIV\ $CPPFLAGS ;; + esac + + + case $PRO_C_INCLUDES in + *INCLUDE=/usr/include/kerberosIV*) ;; + *) PRO_C_INCLUDES=INCLUDE=/usr/include/kerberosIV\ $PRO_C_INCLUDES ;; + esac + + + fi + + cat >>confdefs.h <<\_ACEOF +#define HAVE_KRB4 1 +_ACEOF + + + case $PRO_C_DEFS in + *DEFINE=HAVE_KRB4*) ;; + *) PRO_C_DEFS=DEFINE=HAVE_KRB4\ $PRO_C_DEFS ;; + esac + + + echo "$as_me:$LINENO: checking for krb_rd_req in -lkrb4" >&5 echo $ECHO_N "checking for krb_rd_req in -lkrb4... $ECHO_C" >&6 if test "${ac_cv_lib_krb4_krb_rd_req+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 
@@ -3500,6 +3500,7 @@ fi fi +fi echo "$as_me:$LINENO: checking for Kerberos 5" >&5 echo $ECHO_N "checking for Kerberos 5... $ECHO_C" >&6 @@ -3518,7 +3519,40 @@ if test "$krb5" != no; then if test "$krb5" != yes; then REG_SVR_INCLUDES=-I$krb5/include REG_SVR_LIBS=-L$krb5/lib + + + case $CPPFLAGS in + *-I$krb5/include*) ;; + *) CPPFLAGS=-I$krb5/include\ $CPPFLAGS ;; + esac + + + case $PRO_C_INCLUDES in + *INCLUDE=$krb5/include*) ;; + *) PRO_C_INCLUDES=INCLUDE=$krb5/include\ $PRO_C_INCLUDES ;; + esac + + + + case $LIBPATH in + *-L$krb5/lib*) ;; + *) LIBPATH=-L$krb5/lib\ $LIBPATH ;; + esac + fi + + cat >>confdefs.h <<\_ACEOF +#define HAVE_KRB5 1 +_ACEOF + + + case $PRO_C_DEFS in + *DEFINE=HAVE_KRB5*) ;; + *) PRO_C_DEFS=DEFINE=HAVE_KRB5\ $PRO_C_DEFS ;; + esac + + + KRB5_LIBS="-lkrb5 -l${crypto} -lcom_err -lresolv" REG_SVR_LIBS="$REG_SVR_LIBS -lkadm5clnt -lgssapi_krb5 -lgssrpc -lkrb4 -ldes425 -lkrb5 -l${crypto} -lresolv" else REG_SVR_DEFS=-DKRB4 @@ -3861,7 +3895,7 @@ if test "${ac_cv_lib_zephyr_ZInitialize+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_check_lib_save_LIBS=$LIBS -LIBS="-lzephyr $LIBPATH $KRB4_LIBS -lcom_err $LIBS" +LIBS="-lzephyr $LIBPATH $KRB4_LIBS $KRB5_LIBS -lcom_err $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF @@ -5874,12 +5908,12 @@ fi LDFLAGS="$LDFLAGS -L\$(BUILDTOP)/lib $LIBPATH" -KLIBS="$KRB4_LIBS -lcom_err $LIBS" +KLIBS="$KRB4_LIBS $KRB5_LIBS -lcom_err $LIBS" KLIBS="$LIBS" if test "$hesiod" != no; then KLIBS="-lhesiod $KLIBS" fi -KLIBS="$KRB4_LIBS -lcom_err $KLIBS" +KLIBS="$KRB4_LIBS $KRB5_LIBS -lcom_err $KLIBS" if test "$zephyr" != no; then KLIBS="-lzephyr $KLIBS" fi diff --git a/configure.in b/configure.in index ea9f6558..4b6d6d20 100755 --- a/configure.in +++ b/configure.in @@ -55,7 +55,6 @@ if test "$athena" = true; then bindir=$prefix/arch/$ATHENA_SYS/bin sbindir=$bindir MR_INCLUDE(/usr/athena/include) - MR_INCLUDE(/usr/athena/include/kerberosIV) MR_LIBS(/usr/athena/lib) fi 
@@ -109,34 +108,38 @@ AC_ARG_WITH(com_err, AC_SUBST(COM_ERR_SUBDIR) AC_SUBST(COMPILE_ET) -# Kerberos (Kerberos 4 required, Kerberos 5 optional for reg_svr) +AC_CHECK_LIB(k5crypto, main, crypto="k5crypto", + [AC_CHECK_LIB(crypto, main, crypto="crypto")]) + +# Kerberos (Kerberos 4 optional, Kerberos 5 required) AC_MSG_CHECKING(for Kerberos 4) AC_ARG_WITH(krb4, [ --with-krb4=PREFIX Specify location of krb4], [krb4="$withval"], [krb4=no]) AC_MSG_RESULT($krb4) -if test "$krb4" != yes; then - MR_INCLUDE($krb4/include) - if test -d "$krb4/include/kerberosIV"; then - MR_INCLUDE($krb4/include/kerberosIV) +if test "$krb4" != no; then + if test "$krb4" != yes; then + MR_INCLUDE($krb4/include) + if test -d "$krb4/include/kerberosIV"; then + MR_INCLUDE($krb4/include/kerberosIV) + fi + MR_LIBS($krb4/lib) + elif test -d /usr/include/kerberosIV; then + MR_INCLUDE(/usr/include/kerberosIV) fi - MR_LIBS($krb4/lib) -elif test -d /usr/include/kerberosIV; then - MR_INCLUDE(/usr/include/kerberosIV) + MR_DEFINE(HAVE_KRB4) + AC_CHECK_LIB(krb4, krb_rd_req, + [KRB4_LIBS="-lkrb4 -ldes425 -lkrb5 -l${crypto} -lresolv"], + [AC_CHECK_LIB(krb, krb_rd_req, + [KRB4_LIBS="-lkrb -ldes"], + [AC_MSG_ERROR(Kerberos 4 libraries not found)], + $LIBPATH -ldes)], + $LIBPATH -ldes425 -lkrb5 -l${crypto} -lcom_err -lresolv) fi -AC_CHECK_LIB(k5crypto, main, crypto="k5crypto", - [AC_CHECK_LIB(crypto, main, crypto="crypto")]) -AC_CHECK_LIB(krb4, krb_rd_req, - [KRB4_LIBS="-lkrb4 -ldes425 -lkrb5 -l${crypto} -lresolv"], - [AC_CHECK_LIB(krb, krb_rd_req, - [KRB4_LIBS="-lkrb -ldes"], - [AC_MSG_ERROR(Kerberos 4 libraries not found)], - $LIBPATH -ldes)], - $LIBPATH -ldes425 -lkrb5 -l${crypto} -lcom_err -lresolv) AC_MSG_CHECKING(for Kerberos 5) AC_ARG_WITH(krb5, - [ --with-krb5=PREFIX Specify location of krb5 (for reg_svr)], + [ --with-krb5=PREFIX Specify location of krb5], [krb5="$withval"], [krb5=no]) AC_MSG_RESULT($krb5) if test "$krb5" != no; then 
@@ -144,8 +147,12 @@ if test "$krb5" != no; then if test "$krb5" != yes; then REG_SVR_INCLUDES=-I$krb5/include REG_SVR_LIBS=-L$krb5/lib + MR_INCLUDE($krb5/include) + MR_LIBS($krb5/lib) fi - REG_SVR_LIBS="$REG_SVR_LIBS -lkadm5clnt -lgssapi_krb5 -lgssrpc -lkrb4 -ldes425 -lkrb5 -l${crypto} -lresolv" + MR_DEFINE(HAVE_KRB5) + KRB5_LIBS="-lkrb5 -l${crypto} -lcom_err -lresolv" + REG_SVR_LIBS="$REG_SVR_LIBS -lkadm5clnt -lgssapi_krb5 -lgssrpc -lkrb5 -l${crypto} -lresolv" else REG_SVR_DEFS=-DKRB4 REG_SVR_LIBS=-lkadm @@ -186,7 +193,7 @@ if test "$zephyr" != no; then fi AC_CHECK_LIB(zephyr, ZInitialize, :, [AC_MSG_ERROR(Zephyr library not found)], - $LIBPATH $KRB4_LIBS -lcom_err) + $LIBPATH $KRB4_LIBS $KRB5_LIBS -lcom_err) MR_DEFINE(HAVE_ZEPHYR) fi @@ -446,12 +453,12 @@ MR_INCLUDE('$(BUILDTOP)/lib') MR_INCLUDE('$(BUILDTOP)/db') MR_INCLUDE('$(srcdir)') LDFLAGS="$LDFLAGS -L\$(BUILDTOP)/lib $LIBPATH" -KLIBS="$KRB4_LIBS -lcom_err $LIBS" +KLIBS="$KRB4_LIBS $KRB5_LIBS -lcom_err $LIBS" KLIBS="$LIBS" if test "$hesiod" != no; then KLIBS="-lhesiod $KLIBS" fi -KLIBS="$KRB4_LIBS -lcom_err $KLIBS" +KLIBS="$KRB4_LIBS $KRB5_LIBS -lcom_err $KLIBS" if test "$zephyr" != no; then KLIBS="-lzephyr $KLIBS" fi diff --git a/gen/acl.pc b/gen/acl.pc index 35942a61..9a211385 100644 --- a/gen/acl.pc +++ b/gen/acl.pc @@ -19,7 +19,9 @@ #include #include +#ifdef HAVE_KRB4 #include +#endif EXEC SQL INCLUDE sqlca; @@ -27,7 +29,6 @@ RCSID("$Header$"); char *whoami = "acl.gen"; char *db = "moira/moira"; -char defaultrealm[REALM_SZ]; void dump_access_file(FILE *out, int lid); char *merge_access_bits(char *t1, char *t2); diff --git a/gen/cups-print.pc b/gen/cups-print.pc index d8e67f68..9f974604 100644 --- a/gen/cups-print.pc +++ b/gen/cups-print.pc @@ -19,13 +19,13 @@ #include #include +#ifdef HAVE_KRB4 #include +#endif #include #include "util.h" - - EXEC SQL INCLUDE sqlca; RCSID("$Header$"); diff --git a/gen/genacl.pc b/gen/genacl.pc index 7bff1faa..c4dd1d7a 100644 --- a/gen/genacl.pc +++ b/gen/genacl.pc 
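Review bot: configure.in now says "Kerberos 5 required", but the `--with-krb5` default is still `[krb5=no]` and the `else` branch in the `@@ -144,8 +147,12 @@` hunk still falls back to `REG_SVR_DEFS=-DKRB4` and `REG_SVR_LIBS=-lkadm`. Several sources in this patch now call krb5 functions unconditionally, so a build configured without krb5 would fail late at compile or link time rather than at configure time. I would replace the fallback with `AC_MSG_ERROR(Kerberos 5 is required)`. Separately, the committed `configure` keeps `-lkrb4 -ldes425` in its REG_SVR_LIBS line while this hunk removes them, so the generated script looks out of sync and should be regenerated.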
@@ -16,14 +16,18 @@ #include #include +#ifdef HAVE_KRB4 #include +#else +#include +#endif #include EXEC SQL INCLUDE sqlca; RCSID("$Header$"); -static char defaultrealm[REALM_SZ]; +static char *defaultrealm = NULL; static struct hash *users, *strings; @@ -34,9 +38,23 @@ static struct save_queue *merge_imembers(struct save_queue *sq, void init_acls(void) { + krb5_context context = NULL; + int code; + users = create_hash(2000); strings = create_hash(2000); - krb_get_lrealm(defaultrealm, 1); + + code = krb5_init_context(&context); + if (code) + goto out; + + code = krb5_get_default_realm(context, &defaultrealm); + if (code) + goto out; + + out: + if (context) + krb5_free_context(context); } void dump_krb_acl(FILE *out, char *type, int id, int vers) @@ -97,7 +115,7 @@ void canon_krb(struct imember *m, int vers, char *buf, int len) krb5_principal client = NULL; int status = 0; - if (kname_parse(name, inst, realm, kbuf) != KSUCCESS) + if (mr_kname_parse(name, inst, realm, kbuf) != 0) goto out; status = krb5_init_context(&context); diff --git a/include/moira.h b/include/moira.h index cb659363..2dc606ee 100644 --- a/include/moira.h +++ b/include/moira.h @@ -115,6 +115,9 @@ void hash_destroy(struct hash *h); /* prototypes from kname_unparse.c */ char *mr_kname_unparse(char *p, char *i, char *r); +/* prototypes from kname_parse.c */ +int mr_kname_parse(char *np, char *ip, char *rp, char *fullname); + /* prototypes from nfsparttype.c */ char *parse_filesys_type(char *fs_type_name); char *format_filesys_type(char *fs_status); diff --git a/include/mr_krb.h b/include/mr_krb.h new file mode 100644 index 00000000..9d3f7698 --- /dev/null +++ b/include/mr_krb.h 
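Review bot: init_acls() in gen/genacl.pc discards the result of krb5_init_context() and krb5_get_default_realm(), so on failure `defaultrealm` silently stays NULL. It was previously a `char[REALM_SZ]` array that was always a valid (possibly empty) string; code outside this hunk that compares or prints `defaultrealm` would now dereference NULL. Since the function returns void, I would report the failure and stop, for example `com_err(whoami, code, "getting default Kerberos realm"); exit(MR_GENERIC_ERR);` if those names are what the other generators use, which this hunk does not show. The `goto out` after the last call is redundant as written.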
@@ -0,0 +1,20 @@ +/* $Id$ + * + * Copyright (C) 2009 by the Massachusetts Institute of Technology + * + * Define some useful constants that used to be provided by the krb4 + * libraries. + * + */ + +#define ANAME_SZ 40 +#define INST_SZ 40 +#define REALM_SZ 40 +/* include space for '.' and '@' */ +#define MAX_K_NAME_SZ (ANAME_SZ + INST_SZ + REALM_SZ + 2) + +#define KRB_REALM "ATHENA.MIT.EDU" + +#define kname_parse mr_kname_parse + +#define ERROR_TABLE_BASE_krb (39525376L) diff --git a/include/update.h b/include/update.h index f7670371..4ed885dd 100644 --- a/include/update.h +++ b/include/update.h @@ -15,7 +15,4 @@ int mr_send_auth(int conn, char *hostname); int mr_execute(int conn, char *path); void mr_send_quit(int conn); -#include -int get_mr_update_ticket(char *host, KTEXT ticket); - extern char *whoami; diff --git a/incremental/Makefile.in b/incremental/Makefile.in index 66f1ca48..55aed0b9 100644 --- a/incremental/Makefile.in +++ b/incremental/Makefile.in @@ -21,10 +21,6 @@ mrbindir=@mrbindir@ SUBDIRS=@AFS_SUBDIRS@ @WINAD_SUBDIRS@ -KSRVTGT_OBJS=ksrvtgt.o - -TARGET=ksrvtgt - .SUFFIXES: .pc .pc.c: @@ -33,7 +29,7 @@ TARGET=ksrvtgt .c.o: $(CC) -c $(ALL_CFLAGS) $< -all: $(TARGET) +all: @for d in $(SUBDIRS); do (echo "### Making $@ in incremental/$$d"; cd $$d; $(MAKE) $@) || exit 1; done clean: @@ -50,6 +46,3 @@ depend: install: $(INSTALL_PROGRAM) ksrvtgt $(DESTDIR)$(mrbindir) @for d in $(SUBDIRS); do (echo "### Making $@ in incremental/$$d"; cd $$d; $(MAKE) $@) || exit 1; done - -ksrvtgt: $(KSRVTGT_OBJS) - $(CC) -o $@ $(LDFLAGS) $(KSRVTGT_OBJS) $(LIBS) diff --git a/incremental/afs/afs.c b/incremental/afs/afs.c index dd2dee2c..99a4f2b6 100644 --- a/incremental/afs/afs.c +++ b/incremental/afs/afs.c @@ -21,7 +21,10 @@ #include #include +#ifdef HAVE_KRB4 #include +#endif +#include #include #include 
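Review bot: The new include/mr_krb.h has no include guard, and its comment does not say that ANAME_SZ, INST_SZ and REALM_SZ are krb4 limits that krb5 does not enforce. This patch starts filling buffers of these sizes from krb5 calls (for example the `strcpy(arealm, lrealm)` added in update/auth_003.c), so I would add a comment such as `/* krb4 limits; krb5 names may be longer, so check lengths before copying into buffers of these sizes */`. A conventional `#ifndef` / `#define` / `#endif` guard around the file would also help.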
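Review bot: Removing the `get_mr_update_ticket` prototype from include/update.h leaves krb4 builds without a visible declaration for that function, unless it is declared somewhere this patch does not show. update/ticket.c still defines it in both configurations, so callers would rely on an implicit declaration. I would keep the declaration and its header include, wrapped in `#ifdef HAVE_KRB4` … `#endif`.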
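Review bot: incremental/Makefile.in drops the `ksrvtgt` target and its objects, but the `install:` rule shown as context in the last hunk still runs `$(INSTALL_PROGRAM) ksrvtgt $(DESTDIR)$(mrbindir)`. With nothing building that binary any more, `make install` will fail on that line. That line should be removed along with the target.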
@@ -552,14 +555,24 @@ void edit_group(int op, char *group, char *type, char *member) char *p = 0; char buf[PR_MAXNAMELEN]; int code, ustate; - static char local_realm[REALM_SZ+1] = ""; + static char *local_realm = NULL; struct member *m; + krb5_context context = NULL; /* The following KERBEROS code allows for the use of entities * user@foreign_cell. */ - if (!local_realm[0]) - krb_get_lrealm(local_realm, 1); + if (!local_realm) + { + code = krb5_init_context(&context); + if (code) + goto out; + + code = krb5_get_default_realm(context, &local_realm); + if (code) + goto out; + } + if (!strcmp(type, "KERBEROS")) { p = strchr(member, '@'); @@ -632,6 +645,12 @@ void edit_group(int op, char *group, char *type, char *member) code = PRNOENT; } + out: + if (context) + krb5_free_context(context); + if (local_realm) + free(local_realm); + critical_alert("incremental", "Couldn't %s %s %s %s: %s", op ? "add" : "remove", member, op ? "to" : "from", buf, diff --git a/incremental/ldap/setpw.c b/incremental/ldap/setpw.c index b3e4e73d..ea873537 100644 --- a/incremental/ldap/setpw.c +++ b/incremental/ldap/setpw.c @@ -49,7 +49,9 @@ Abstract: #include "port-sockets.h" #endif #include +#ifdef HAVE_KRB4 #include +#endif #include #ifdef _WIN32 #include diff --git a/incremental/winad/setpw.c b/incremental/winad/setpw.c index 9908a1f3..3a53f512 100644 --- a/incremental/winad/setpw.c +++ b/incremental/winad/setpw.c @@ -49,7 +49,9 @@ Abstract: #include "port-sockets.h" #endif #include +#ifdef HAVE_KRB4 #include +#endif #include #ifdef _WIN32 #include diff --git a/lib/Makefile.in b/lib/Makefile.in index ebb25303..71f33c7c 100644 --- a/lib/Makefile.in +++ b/lib/Makefile.in @@ -16,7 +16,7 @@ SRCTOP=@top_srcdir@ BUILDTOP=.. OBJS= critical.o fixhost.o fixname.o \ - hash.o kname_unparse.o krb_et.o mr_access.o mr_auth.o \ + hash.o kname_unparse.o kname_parse.o krb_et.o mr_access.o mr_auth.o \ mr_call.o mr_connect.o mr_et.o mr_init.o mr_ops.o mr_query.o \ nfsparttype.o sq.o strs.o ureg_err.o 
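Review bot: In edit_group() (incremental/afs/afs.c, hunk `@@ -552,14 +555,24 @@`) a failed krb5_init_context() or krb5_get_default_realm() jumps to `out:`, which sits directly above the existing `critical_alert(... buf ...)` call. At that point `buf` has not been written, so the alert would format an uninitialized array and report a krb5 error as an AFS one. The context is also freed only at `out:`; the function body continues outside the hunk, but any earlier `return` on the success path would leak it. I would handle the realm lookup failure with its own message and return, and free the context immediately after the lookup: `krb5_free_context(context); context = NULL;`.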
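Review bot: The cleanup added at `out:` in edit_group() (hunk `@@ -632,6 +645,12 @@`) frees `local_realm`, but that variable is `static` and is used as a cache guarded by `if (!local_realm)`. After one failing call the pointer is left dangling, so the next call skips the lookup, reads freed memory and frees it a second time. Either keep the cached realm for the life of the process and drop the `free`, or reset it when releasing: `krb5_free_default_realm(context, local_realm); local_realm = NULL;`.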
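Review bot: lib/Makefile.in adds `kname_parse.o` to OBJS, but the diffstat of this patch lists no lib/kname_parse.c and the only `create mode` entry is include/mr_krb.h. Unless that source file already exists in the tree, the library will not build. The new `mr_kname_parse` calls in gen/genacl.pc and server/mr_sauth.c would then have no definition.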
diff --git a/lib/kname_unparse.c b/lib/kname_unparse.c index 90ee2880..ca2f9862 100644 --- a/lib/kname_unparse.c +++ b/lib/kname_unparse.c @@ -13,8 +13,11 @@ #include -#include +#ifdef HAVE_KRB5 #include +#else +#include +#endif RCSID("$Header$"); diff --git a/lib/mr_auth.c b/lib/mr_auth.c index 4a5a89c7..4e1d6b0a 100644 --- a/lib/mr_auth.c +++ b/lib/mr_auth.c @@ -15,7 +15,9 @@ #include #include +#ifdef HAVE_KRB4 #include +#endif #include krb5_context context = NULL; @@ -29,6 +31,7 @@ RCSID("$Header$"); int mr_auth(char *prog) { +#ifdef HAVE_KRB4 int status; mr_params params, reply; char *args[2]; @@ -70,6 +73,9 @@ int mr_auth(char *prog) mr_destroy_reply(reply); return status; +#else + return MR_NO_KRB4; +#endif } int mr_proxy(char *principal, char *orig_authtype) diff --git a/lib/mr_et.et b/lib/mr_et.et index b2575938..6ae556b7 100644 --- a/lib/mr_et.et +++ b/lib/mr_et.et @@ -237,4 +237,7 @@ ec MR_CONTAINER_NO_PARENT, ec MR_BAD_MAIL_STRING, "Address refers to nonexistent domain or MIT internal mail server" +ec MR_NO_KRB4, + "Unable to complete operation using Kerberos v4" + end diff --git a/reg_svr/kerberos.c b/reg_svr/kerberos.c index 52e39286..e2409830 100644 --- a/reg_svr/kerberos.c +++ b/reg_svr/kerberos.c @@ -34,7 +34,6 @@ #ifdef KRB5 #include #include -#include krb5_context context; #endif diff --git a/reg_svr/reg_svr.pc b/reg_svr/reg_svr.pc index a8616151..1016e186 100644 --- a/reg_svr/reg_svr.pc +++ b/reg_svr/reg_svr.pc @@ -33,7 +33,9 @@ #include #include +#ifdef HAVE_KRB4 #include +#endif EXEC SQL INCLUDE sqlca; @@ -805,13 +807,7 @@ int register_user(int uid, char *username) return MR_DOWN; } - status = krb_get_svc_in_tkt(REG_SVR_PRINCIPAL, REG_SVR_INSTANCE, - krb_realmofhost(hostname), MOIRA_SNAME, - shorthostname, 3, KEYFILE); - if (status) - status += ERROR_TABLE_BASE_krb; - else - status = mr_krb5_auth("reg_svr"); + status = mr_krb5_auth("reg_svr"); if (status) { com_err(whoami, status, "authenticating to moira"); 
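Review bot: register_user() in reg_svr/reg_svr.pc now calls `mr_krb5_auth("reg_svr")` with no credential acquisition in front of it. The removed `krb_get_svc_in_tkt(..., KEYFILE)` call was what obtained tickets from the service key before authenticating. Nothing visible in this hunk obtains krb5 credentials from a keytab, so authentication presumably depends on a credential cache maintained outside the process; that should be confirmed and documented in a comment above the call. If `hostname` and `shorthostname` were only used by the removed call, they are now dead locals; the function body continues outside the hunk.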
diff --git a/server/mr_main.c b/server/mr_main.c index 7337f455..2935aa7f 100644 --- a/server/mr_main.c +++ b/server/mr_main.c @@ -28,7 +28,9 @@ #include #include +#ifdef HAVE_KRB4 #include +#endif #include RCSID("$Header$"); @@ -42,8 +44,8 @@ FILE *journal; time_t now; char *host; -char krb_realm[REALM_SZ]; krb5_context context = NULL; +char *krb_realm = NULL; /* Client array and associated data. This needs to be global for _list_users */ client **clients; @@ -106,8 +108,6 @@ int main(int argc, char **argv) } } - krb_get_lrealm(krb_realm, 1); - status = krb5_init_context(&context); if (status) { @@ -115,6 +115,13 @@ int main(int argc, char **argv) exit(1); } + status = krb5_get_default_realm(context, &krb_realm); + if (status) + { + com_err(whoami, status, "Getting default Kerberos realm."); + exit(1); + } + /* * Database initialization. Only init if database should be open. */ diff --git a/server/mr_sauth.c b/server/mr_sauth.c index 17fe74f7..2cc1a486 100644 --- a/server/mr_sauth.c +++ b/server/mr_sauth.c @@ -28,6 +28,7 @@ extern krb5_context context; static int set_client(client *cl, char *kname, char *name, char *inst, char *realm); +#ifdef HAVE_KRB4 typedef struct _replay_cache { KTEXT_ST auth; time_t expires; @@ -35,6 +36,7 @@ typedef struct _replay_cache { } replay_cache; replay_cache *rcache = NULL; +#endif /* * Handle a MOIRA_AUTH RPC request. @@ -46,6 +48,7 @@ replay_cache *rcache = NULL; void do_auth(client *cl) { +#ifdef HAVE_KRB4 KTEXT_ST auth; AUTH_DAT ad; int status; @@ -123,6 +126,9 @@ void do_auth(client *cl) client_reply(cl, status); else client_reply(cl, MR_USER_AUTH); +#else + client_reply(cl, MR_NO_KRB4); +#endif } void do_proxy(client *cl) @@ -137,7 +143,7 @@ void do_proxy(client *cl) return; } - if (kname_parse(name, inst, realm, cl->req.mr_argv[0]) != KSUCCESS) + if (mr_kname_parse(name, inst, realm, cl->req.mr_argv[0]) != 0) { com_err(whoami, KE_KNAME_FMT, "while parsing proxy name %s", cl->req.mr_argv); 
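Review bot: In do_proxy() (server/mr_sauth.c, last hunk) the error path next to the changed line passes `cl->req.mr_argv` to a `%s` conversion, while the parse call above it uses `cl->req.mr_argv[0]`. That hands com_err a pointer of the wrong type; it should be `cl->req.mr_argv[0]`. The string being parsed comes from the client and is split into the fixed-size `name`, `inst` and `realm` buffers. The implementation of `mr_kname_parse` is not part of this patch, so please confirm it bounds each component to ANAME_SZ, INST_SZ and REALM_SZ. The function body continues outside the hunk.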
diff --git a/server/mr_server.h b/server/mr_server.h index de730679..a6382dfc 100644 --- a/server/mr_server.h +++ b/server/mr_server.h @@ -14,7 +14,11 @@ #include +#ifdef HAVE_KRB4 #include +#else +#include +#endif #include enum clstate { CL_ACCEPTING, CL_ACTIVE, CL_CLOSING }; @@ -51,7 +55,7 @@ struct mxentry int pref; }; -extern char krb_realm[REALM_SZ]; +extern char *krb_realm; /* max length of query argument allowed */ #define ARGLEN 257 diff --git a/update/auth_002.c b/update/auth_002.c index 18cc73ea..2500ead6 100644 --- a/update/auth_002.c +++ b/update/auth_002.c @@ -15,14 +15,18 @@ #include #include +#ifdef HAVE_KRB4 #include +#endif RCSID("$Header$"); static char service[] = "rcmd"; static char master[] = "sms"; static char qmark[] = "???"; +#ifdef HAVE_KRB4 extern des_cblock session; +#endif /* * authentication request auth_002: @@ -39,6 +43,7 @@ extern des_cblock session; void auth_002(int conn, char *str) { +#ifdef HAVE_KRB4 char aname[ANAME_SZ], ainst[INST_SZ], arealm[REALM_SZ]; AUTH_DAT ad; char *p, *first, *data; @@ -126,4 +131,7 @@ auth_failed: com_err(whoami, code, "auth for %s.%s@%s failed", ad.pname, ad.pinst, ad.prealm); send_int(conn, code); +#else + return MR_NO_KRB4; +#endif } diff --git a/update/auth_003.c b/update/auth_003.c index acea5d69..101be11b 100644 --- a/update/auth_003.c +++ b/update/auth_003.c @@ -15,7 +15,11 @@ #include #include +#ifdef HAVE_KRB4 #include +#else +#include +#endif #include RCSID("$Header$"); @@ -44,6 +48,7 @@ void auth_003(int conn, char *str) char *p, *first, *data; char name[ANAME_SZ], inst[INST_SZ], realm[REALM_SZ]; char aname[ANAME_SZ], ainst[INST_SZ], arealm[REALM_SZ]; + char *lrealm = NULL; size_t size; long code; struct utsname uts; @@ -143,7 +148,11 @@ void auth_003(int conn, char *str) { strcpy(aname, master); strcpy(ainst, ""); - if (krb_get_lrealm(arealm, 1)) + if (!krb5_get_default_realm(context, &lrealm)) + { + strcpy(arealm, lrealm); + } + else strcpy(arealm, KRB_REALM); } code = EPERM; 
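Review bot: The `#else` branch added at the end of auth_002() in update/auth_002.c does `return MR_NO_KRB4;`, but the function is declared `void auth_002(int conn, char *str)`. Returning a value from a void function is a constraint violation that compilers diagnose, and the peer would get no reply at all. To match the failure path just above, use `send_int(conn, MR_NO_KRB4);` instead. update_server.c already omits AUTH_002 from the dispatch table in that configuration, so the whole function could alternatively be compiled out.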
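Review bot: In auth_003() (update/auth_003.c, hunk `@@ -143,7 +148,11 @@`) the new `strcpy(arealm, lrealm);` copies a realm of unbounded length into `char arealm[REALM_SZ]`. krb5_get_default_realm() returns a heap string whose length comes from local configuration, and REALM_SZ is 40 in the new mr_krb.h, so a longer realm overflows the stack buffer inside the authorization check. I would reject an oversized realm rather than truncate it, for example `if (strlen(lrealm) >= sizeof(arealm)) { code = EPERM; goto out; }` before the copy. The matching `free(lrealm)` in the next hunk would be better as `krb5_free_default_realm(context, lrealm)`.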
@@ -159,6 +168,8 @@ void auth_003(int conn, char *str) have_authorization = 1; out: + if (lrealm) + free(lrealm); if (client) krb5_free_principal(context, client); if (server) diff --git a/update/client.c b/update/client.c index 1f6bbdb0..5b86b0c5 100644 --- a/update/client.c +++ b/update/client.c @@ -17,13 +17,17 @@ #include #include +#ifdef HAVE_KRB4 #include #include +#endif #include RCSID("$Header$"); +#ifdef HAVE_KRB4 extern des_cblock session; +#endif extern char *whoami; extern krb5_context context; @@ -71,6 +75,7 @@ int mr_send_krb5_auth(int conn, char *host_name) int mr_send_auth(int conn, char *host_name) { +#ifdef HAVE_KRB4 KTEXT_ST ticket_st; int code, auth_version = 2; long response; @@ -129,6 +134,9 @@ int mr_send_auth(int conn, char *host_name) } return MR_SUCCESS; +#else + return MR_NO_KRB4; +#endif } int mr_execute(int conn, char *path) diff --git a/update/get_file.c b/update/get_file.c index f92a5248..337947ac 100644 --- a/update/get_file.c +++ b/update/get_file.c @@ -17,7 +17,9 @@ #include #include +#ifdef HAVE_KRB4 #include +#endif RCSID("$Header$"); @@ -25,9 +27,11 @@ RCSID("$Header$"); #define MIN(a, b) (((a) < (b)) ? (a) : (b)) #endif /* MIN */ +#ifdef HAVE_KRB4 static des_key_schedule sched; static des_cblock ivec; extern des_cblock session; +#endif static int get_block(int conn, int fd, int max_size, int encrypt); @@ -123,8 +127,15 @@ int get_file(int conn, char *pathname, int file_size, int checksum, if (encrypt) { +#ifdef HAVE_KRB4 des_key_sched(session, sched); memcpy(ivec, session, sizeof(ivec)); +#else + /* The session key only gets stored if auth happens in krb4 to + begin with. If you don't have krb4, you can't possibly be + coming up with a valid session key. */ + return MR_NO_KRB4; +#endif } n_written = 0; @@ -173,6 +184,7 @@ static int get_block(int conn, int fd, int max_size, int encrypt) if (encrypt) { +#ifdef HAVE_KRB4 char *unenc = malloc(len); if (!unenc) 
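Review bot: The new `return MR_NO_KRB4;` inside `if (encrypt)` in get_file() (update/get_file.c) exits mid-function, bypassing whatever cleanup and peer notification the other failure paths perform; those are outside the hunk. The same early return in mr_send_file() (update/send_file.c) comes after the `fd = open(pathname, O_RDONLY, 0)` shown in that file's hunk, so the descriptor is leaked there unless something else closes it. Refusing the encrypted transfer is the right fail-closed behaviour, but it would be cleaner to reject `encrypt` at the top of both functions, before any file is opened. Without krb4, the `if (encrypt)` blocks in get_block() and in the send loop also compile to empty bodies. They are unreachable only because of these early returns, so a short comment or an explicit error there would keep a later change from silently passing data through undecrypted or leaving `code` unset.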
@@ -186,6 +198,7 @@ static int get_block(int conn, int fd, int max_size, int encrypt) ivec[i] = data[len - 8 + i] ^ unenc[len - 8 + i]; free(data); data = unenc; +#endif } n_read = MIN(len, max_size); diff --git a/update/send_file.c b/update/send_file.c index 61c7ed79..49127f41 100644 --- a/update/send_file.c +++ b/update/send_file.c @@ -17,12 +17,16 @@ #include #include +#ifdef HAVE_KRB4 #include +#endif #include RCSID("$Header$"); +#ifdef HAVE_KRB4 extern des_cblock session; +#endif /* * syntax: @@ -47,8 +51,10 @@ int mr_send_file(int conn, char *pathname, char *target_path, int encrypt) char data[UPDATE_BUFSIZ], enc[UPDATE_BUFSIZ]; long response; struct stat statb; +#ifdef HAVE_KRB4 des_key_schedule sched; des_cblock ivec; +#endif /* send file over */ fd = open(pathname, O_RDONLY, 0); @@ -105,8 +111,15 @@ int mr_send_file(int conn, char *pathname, char *target_path, int encrypt) if (encrypt) { +#ifdef HAVE_KRB4 des_key_sched(session, sched); memmove(ivec, session, sizeof(ivec)); +#else + /* The session key only gets stored if auth happens in krb4 to + begin with. If you don't have krb4, you can't possibly be + coming up with a valid session key. */ + return MR_NO_KRB4; +#endif } while (n_to_send > 0) @@ -120,6 +133,7 @@ int mr_send_file(int conn, char *pathname, char *target_path, int encrypt) } if (encrypt) { +#ifdef HAVE_KRB4 memset(data + n, 0, sizeof(data) -n); des_pcbc_encrypt(data, enc, (n + 7) & ~7, sched, ivec, 0); /* save vector to continue chaining */ @@ -128,6 +142,7 @@ int mr_send_file(int conn, char *pathname, char *target_path, int encrypt) /* round up to multiple of 8 */ n = (n + 7) & ~7; code = send_string(conn, enc, n); +#endif } else code = send_string(conn, data, n); diff --git a/update/ticket.c b/update/ticket.c index 77e2b1c1..9eb47c7e 100644 --- a/update/ticket.c +++ b/update/ticket.c 
@@ -13,19 +13,27 @@ #include #include +#ifdef HAVE_KRB4 #include +#else +#define KTEXT void* +#endif #include #include RCSID("$Header$"); +#ifdef HAVE_KRB4 static char realm[REALM_SZ]; static char master[INST_SZ] = "sms"; static char service[ANAME_SZ] = "rcmd"; des_cblock session; +#endif krb5_context context = NULL; +#ifdef HAVE_KRB4 static int get_mr_tgt(void); +#endif int get_mr_krb5_update_ticket(char *host, krb5_data auth) { @@ -58,6 +66,7 @@ int get_mr_krb5_update_ticket(char *host, krb5_data auth) int get_mr_update_ticket(char *host, KTEXT ticket) { +#ifdef HAVE_KRB4 int code, pass; char phost[BUFSIZ]; CREDENTIALS cr; @@ -93,8 +102,12 @@ try_it: memcpy(session, cr.session, sizeof(session)); } return code; +#else + return MR_NO_KRB4; +#endif } +#ifdef HAVE_KRB4 static int get_mr_tgt(void) { int code; @@ -109,3 +122,4 @@ static int get_mr_tgt(void) else return code + ERROR_TABLE_BASE_krb; } +#endif diff --git a/update/update_server.c b/update/update_server.c index 985700d1..6c5dc9a3 100644 --- a/update/update_server.c +++ b/update/update_server.c @@ -25,7 +25,9 @@ #include #include +#ifdef HAVE_KRB4 #include +#endif #include "update.h" RCSID("$Header$"); @@ -33,7 +35,9 @@ RCSID("$Header$"); char *whoami, *hostname; int have_authorization = 0; +#ifdef HAVE_KRB4 des_cblock session; +#endif int uid = 0; void child_handler(int signal); @@ -44,7 +48,9 @@ struct _dt { char *str; void (*proc)(int, char *); } dispatch_table[] = { +#ifdef HAVE_KRB4 { "AUTH_002", auth_002 }, +#endif { "AUTH_003", auth_003 }, { "XFER_002", xfer_002 }, { "XFER_003", xfer_003 }, -- 2.45.1