Update security/heimdal to 0.7.1 (approved by lha). We drop support

for the "db4" option and just rely on the appropriate BDB_* settings
via bdb.buildlink3.mk.  Also, we tweak the builtin.mk file so use
krb5-config, if it's available, to check the version of the built-in
heimdal.  Patches patch-ab, patch-ae and patch-af have been sent back
upstream and will be incorporated into future Heimdal releases.

Changes between version 0.6.5 and version 0.7.1 include:

 * Support for KCM, a process based credential cache
 * Support CCAPI credential cache
 * SPNEGO support
 * AES (and the gssapi conterpart, CFX) support
 * Adding new and improve old documentation
 * Bug fixes

15 files changed, 477 insertions, 149 deletions

diff --git a/security/heimdal/Makefile b/security/heimdal/Makefile
index d3eaee80dce..766d270edc7 100644
--- a/security/heimdal/Makefile
+++ b/security/heimdal/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.44 2005/10/25 01:17:57 rillig Exp $
+# $NetBSD: Makefile,v 1.45 2005/10/26 15:12:45 jlam Exp $
 
-DISTNAME=	heimdal-0.6.5
-PKGREVISION=	2
+DISTNAME=	heimdal-0.7.1
 CATEGORIES=	security
 MASTER_SITES=	ftp://ftp.pdc.kth.se/pub/heimdal/src/	\
 		ftp://ftp.sunet.se/pub/unix/admin/mirror-pdc/heimdal/src/
@@ -16,6 +15,7 @@ PKG_INSTALLATION_TYPES=	overwrite pkgviews
 
 USE_LIBTOOL=		yes
 USE_TOOLS+=		bison
+MAKE_ENV+=		INSTALL_CATPAGES=no
 
 HEIMDAL_STATEDIR?=	${VARBASE}/heimdal
 
@@ -25,8 +25,9 @@ CONFIGURE_ARGS+=	--localstatedir=${HEIMDAL_STATEDIR}
 CONFIGURE_ARGS+=	--includedir=${PREFIX}/include/krb5
 CONFIGURE_ARGS+=	--without-x
 CONFIGURE_ARGS+=	--without-krb4
+CONFIGURE_ARGS+=	--enable-kcm
 
-CFLAGS.Darwin+= -DBIND_8_COMPAT
+CFLAGS.Darwin+=		-DBIND_8_COMPAT
 
 # Though Solaris has a <vis.h> header, it does something very unrelated
 # to the BSD <vis.h> header.
@@ -39,28 +40,30 @@ CONFIGURE_ENV.SunOS+=	ac_cv_header_vis_h=no
 # <readline.h>.
 #
 CONFIGURE_ARGS+=	--with-readline=${BUILDLINK_PREFIX.readline}
-BUILDLINK_INCDIRS.readline=	include/readline
+CPPFLAGS+=		-I${BUILDLINK_PREFIX.readline}/include/readline
 BROKEN_READLINE_DETECTION=	yes
 .include "../../devel/readline/buildlink3.mk"
 
 CONFIGURE_ARGS+=	--with-openssl=${SSLBASE}
-USE_OLD_DES_API=	yes
 .include "../../security/openssl/buildlink3.mk"
 
 PKG_OPTIONS_VAR=	PKG_OPTIONS.heimdal
-PKG_SUPPORTED_OPTIONS=	db4 ldap kerberos-prefix-cmds
+PKG_SUPPORTED_OPTIONS=	kerberos-prefix-cmds ldap
 
 .include "../../mk/bsd.options.mk"
 
-.if !empty(PKG_OPTIONS:Mdb4)
-.  include "../../databases/db4/buildlink3.mk"
-.else
-.  include "../../mk/bdb.buildlink3.mk"
-.endif
-
 .if !empty(PKG_OPTIONS:Mldap)
 .  include "../../databases/openldap/buildlink3.mk"
 CONFIGURE_ARGS+=	--with-openldap=${BUILDLINK_PREFIX.openldap}
+PLIST_SUBST+=		LDAP=""
+
+post-install: heimdal-ldap-schema
+heimdal-ldap-schema:
+	${INSTALL_DATA_DIR} ${PREFIX}/share/examples/heimdal
+	${INSTALL_DATA} ${WRKSRC}/lib/hdb/hdb.schema			\
+		${PREFIX}/share/examples/heimdal
+.else
+PLIST_SUBST+=		LDAP="@comment "
 .endif
 
 # Rename some of Heimdal's applications so they won't conflict with
@@ -84,7 +87,8 @@ CONFIGURE_ARGS+=	--program-transform-name="${HEIMDAL_TRANSFORM}"
 
 USE_PKGINSTALL=		yes
 OWN_DIRS_PERMS=		${HEIMDAL_STATEDIR} ${ROOT_USER} ${ROOT_GROUP} 0700
-RCD_SCRIPTS=		kdc
+SPECIAL_PERMS=		${PREFIX}/bin/${KRB5_PREFIX}su ${SETUID_ROOT_PERMS}
+RCD_SCRIPTS=		kadmind kcm kdc kpasswdd
 INFO_FILES=		heimdal.info
 
 # Fix some places in the Heimdal sources that don't point to the correct
@@ -101,6 +105,8 @@ SUBST_SED.heimdal=							\
 	-e "/PATH_RSH/s,/rsh,/${KRB5_PREFIX}rsh,g"			\
 	-e "/PATH_LOGIN/s,/login,/${KRB5_PREFIX}login,g"
 
+.include "../../mk/bdb.buildlink3.mk"
+
 pre-configure:
 	cd ${WRKSRC}; for f in lib/hdb/hdb.h; do			\
 		${SED}	-e "s|/var/heimdal|${HEIMDAL_STATEDIR}|g"	\
diff --git a/security/heimdal/PLIST b/security/heimdal/PLIST
index 6426d63bb68..ef755261a13 100644
--- a/security/heimdal/PLIST
+++ b/security/heimdal/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.8 2005/05/02 20:34:04 reed Exp $
+@comment $NetBSD: PLIST,v 1.9 2005/10/26 15:12:45 jlam Exp $
 bin/${KRB5_PREFIX}login
 bin/${KRB5_PREFIX}rcp
 bin/${KRB5_PREFIX}rsh
@@ -37,6 +37,7 @@ include/krb5/hdb.h
 include/krb5/hdb_asn1.h
 include/krb5/hdb_err.h
 include/krb5/heim_err.h
+include/krb5/hex.h
 include/krb5/k524_err.h
 include/krb5/kadm5/admin.h
 include/krb5/kadm5/kadm5-private.h
@@ -49,6 +50,7 @@ include/krb5/krb5-protos.h
 include/krb5/krb5-types.h
 include/krb5/krb5.h
 include/krb5/krb5_asn1.h
+include/krb5/krb5_ccapi.h
 include/krb5/krb5_err.h
 include/krb5/otp.h
 include/krb5/parse_bytes.h
@@ -81,6 +83,7 @@ libexec/hpropd
 libexec/ipropd-master
 libexec/ipropd-slave
 libexec/kadmind
+libexec/kcm
 libexec/kdc
 libexec/kfd
 libexec/kftpd
@@ -90,6 +93,7 @@ libexec/push
 man/man1/${KRB5_PREFIX}login.1
 man/man1/${KRB5_PREFIX}rsh.1
 man/man1/${KRB5_PREFIX}telnet.1
+man/man1/${KRB5_PREFIX}su.1
 man/man1/afslog.1
 man/man1/kauth.1
 man/man1/kdestroy.1
@@ -103,6 +107,7 @@ man/man1/krb5-config.1
 man/man1/kx.1
 man/man1/otp.1
 man/man1/otpprint.1
+man/man1/pagsh.1
 man/man1/pfrom.1
 man/man1/rxtelnet.1
 man/man1/rxterm.1
@@ -135,8 +140,10 @@ man/man3/gss_inquire_cred.3
 man/man3/gss_inquire_cred_by_mech.3
 man/man3/gss_inquire_mechs_for_name.3
 man/man3/gss_inquire_names_for_mech.3
+man/man3/gss_krb5_ccache_name.3
 man/man3/gss_krb5_compat_des3_mic.3
 man/man3/gss_krb5_copy_ccache.3
+man/man3/gss_krb5_get_tkt_flags.3
 man/man3/gss_process_context_token.3
 man/man3/gss_release_buffer.3
 man/man3/gss_release_cred.3
@@ -152,20 +159,34 @@ man/man3/gss_verify_mic.3
 man/man3/gss_wrap.3
 man/man3/gss_wrap_size_limit.3
 man/man3/gssapi.3
+man/man3/gsskrb5_extract_authz_data_from_sec_context.3
 man/man3/k_afs_cell_of_file.3
 man/man3/k_hasafs.3
 man/man3/k_pioctl.3
 man/man3/k_setpag.3
 man/man3/k_unlog.3
+man/man3/kadm5_add_passwd_quality_verifier.3
+man/man3/kadm5_check_password_quality.3
+man/man3/kadm5_pwcheck.3
+man/man3/kadm5_setup_passwd_quality_check.3
 man/man3/kafs.3
 man/man3/kafs_set_verbose.3
 man/man3/kafs_settoken.3
 man/man3/kafs_settoken5.3
 man/man3/kafs_settoken_rxkad.3
 man/man3/krb5.3
+man/man3/krb524_convert_creds_kdc.3
+man/man3/krb524_convert_creds_kdc_ccache.3
 man/man3/krb5_425_conv_principal.3
 man/man3/krb5_425_conv_principal_ext.3
 man/man3/krb5_524_conv_principal.3
+man/man3/krb5_abort.3
+man/man3/krb5_abortx.3
+man/man3/krb5_acl_match_file.3
+man/man3/krb5_acl_match_string.3
+man/man3/krb5_add_et_list.3
+man/man3/krb5_add_extra_addresses.3
+man/man3/krb5_add_ignore_addresses.3
 man/man3/krb5_addlog_dest.3
 man/man3/krb5_addlog_func.3
 man/man3/krb5_addr2sockaddr.3
@@ -183,9 +204,12 @@ man/man3/krb5_appdefault_boolean.3
 man/man3/krb5_appdefault_string.3
 man/man3/krb5_appdefault_time.3
 man/man3/krb5_append_addresses.3
+man/man3/krb5_auth_con_addflags.3
 man/man3/krb5_auth_con_free.3
 man/man3/krb5_auth_con_genaddrs.3
+man/man3/krb5_auth_con_generatelocalsubkey.3
 man/man3/krb5_auth_con_getaddrs.3
+man/man3/krb5_auth_con_getauthenticator.3
 man/man3/krb5_auth_con_getflags.3
 man/man3/krb5_auth_con_getkey.3
 man/man3/krb5_auth_con_getlocalsubkey.3
@@ -194,6 +218,7 @@ man/man3/krb5_auth_con_getremotesubkey.3
 man/man3/krb5_auth_con_getuserkey.3
 man/man3/krb5_auth_con_init.3
 man/man3/krb5_auth_con_initivector.3
+man/man3/krb5_auth_con_removeflags.3
 man/man3/krb5_auth_con_setaddrs.3
 man/man3/krb5_auth_con_setaddrs_from_fd.3
 man/man3/krb5_auth_con_setflags.3
@@ -204,7 +229,6 @@ man/man3/krb5_auth_con_setrcache.3
 man/man3/krb5_auth_con_setremotesubkey.3
 man/man3/krb5_auth_con_setuserkey.3
 man/man3/krb5_auth_context.3
-man/man3/krb5_auth_getauthenticator.3
 man/man3/krb5_auth_getcksumtype.3
 man/man3/krb5_auth_getkeytype.3
 man/man3/krb5_auth_getlocalseqnumber.3
@@ -217,6 +241,22 @@ man/man3/krb5_build_principal.3
 man/man3/krb5_build_principal_ext.3
 man/man3/krb5_build_principal_va.3
 man/man3/krb5_build_principal_va_ext.3
+man/man3/krb5_c_block_size.3
+man/man3/krb5_c_checksum_length.3
+man/man3/krb5_c_decrypt.3
+man/man3/krb5_c_encrypt.3
+man/man3/krb5_c_encrypt_length.3
+man/man3/krb5_c_enctype_compare.3
+man/man3/krb5_c_get_checksum.3
+man/man3/krb5_c_is_coll_proof_cksum.3
+man/man3/krb5_c_is_keyed_cksum.3
+man/man3/krb5_c_make_checksum.3
+man/man3/krb5_c_make_random_key.3
+man/man3/krb5_c_set_checksum.3
+man/man3/krb5_c_valid_cksumtype.3
+man/man3/krb5_c_valid_enctype.3
+man/man3/krb5_c_verify_checksum.3
+man/man3/krb5_cc_clear_mcred.3
 man/man3/krb5_cc_close.3
 man/man3/krb5_cc_copy_cache.3
 man/man3/krb5_cc_cursor.3
@@ -227,11 +267,14 @@ man/man3/krb5_cc_end_seq_get.3
 man/man3/krb5_cc_gen_new.3
 man/man3/krb5_cc_get_name.3
 man/man3/krb5_cc_get_ops.3
+man/man3/krb5_cc_get_prefix_ops.3
 man/man3/krb5_cc_get_principal.3
 man/man3/krb5_cc_get_type.3
 man/man3/krb5_cc_get_version.3
 man/man3/krb5_cc_initialize.3
+man/man3/krb5_cc_new_unique.3
 man/man3/krb5_cc_next_cred.3
+man/man3/krb5_cc_next_cred_match.3
 man/man3/krb5_cc_ops.3
 man/man3/krb5_cc_register.3
 man/man3/krb5_cc_remove_cred.3
@@ -242,21 +285,66 @@ man/man3/krb5_cc_set_flags.3
 man/man3/krb5_cc_store_cred.3
 man/man3/krb5_ccache.3
 man/man3/krb5_change_password.3
+man/man3/krb5_check_transited.3
+man/man3/krb5_check_transited_realms.3
+man/man3/krb5_checksum.3
+man/man3/krb5_checksum_disable.3
 man/man3/krb5_checksum_is_collision_proof.3
 man/man3/krb5_checksum_is_keyed.3
 man/man3/krb5_checksumsize.3
+man/man3/krb5_cksumtype_valid.3
+man/man3/krb5_clear_error_string.3
 man/man3/krb5_closelog.3
+man/man3/krb5_compare_creds.3
 man/man3/krb5_config.3
+man/man3/krb5_config_file_free.3
+man/man3/krb5_config_free_strings.3
+man/man3/krb5_config_get.3
+man/man3/krb5_config_get_bool.3
 man/man3/krb5_config_get_bool_default.3
+man/man3/krb5_config_get_int.3
 man/man3/krb5_config_get_int_default.3
+man/man3/krb5_config_get_list.3
+man/man3/krb5_config_get_next.3
+man/man3/krb5_config_get_string.3
 man/man3/krb5_config_get_string_default.3
+man/man3/krb5_config_get_strings.3
+man/man3/krb5_config_get_time.3
 man/man3/krb5_config_get_time_default.3
+man/man3/krb5_config_parse_file.3
+man/man3/krb5_config_parse_file_multi.3
+man/man3/krb5_config_vget.3
+man/man3/krb5_config_vget_bool.3
+man/man3/krb5_config_vget_bool_default.3
+man/man3/krb5_config_vget_int.3
+man/man3/krb5_config_vget_int_default.3
+man/man3/krb5_config_vget_list.3
+man/man3/krb5_config_vget_next.3
+man/man3/krb5_config_vget_string.3
+man/man3/krb5_config_vget_string_default.3
+man/man3/krb5_config_vget_strings.3
+man/man3/krb5_config_vget_time.3
+man/man3/krb5_config_vget_time_default.3
 man/man3/krb5_context.3
 man/man3/krb5_copy_address.3
 man/man3/krb5_copy_addresses.3
+man/man3/krb5_copy_checksum.3
+man/man3/krb5_copy_creds.3
+man/man3/krb5_copy_creds_contents.3
 man/man3/krb5_copy_data.3
+man/man3/krb5_copy_host_realm.3
+man/man3/krb5_copy_keyblock.3
+man/man3/krb5_copy_keyblock_contents.3
+man/man3/krb5_copy_principal.3
+man/man3/krb5_copy_ticket.3
 man/man3/krb5_create_checksum.3
+man/man3/krb5_creds.3
 man/man3/krb5_crypto_destroy.3
+man/man3/krb5_crypto_get_checksum_type.3
+man/man3/krb5_crypto_getblocksize.3
+man/man3/krb5_crypto_getconfoundersize.3
+man/man3/krb5_crypto_getenctype.3
+man/man3/krb5_crypto_getpadsize.3
 man/man3/krb5_crypto_init.3
 man/man3/krb5_data.3
 man/man3/krb5_data_alloc.3
@@ -266,38 +354,124 @@ man/man3/krb5_data_realloc.3
 man/man3/krb5_data_zero.3
 man/man3/krb5_decrypt.3
 man/man3/krb5_decrypt_EncryptedData.3
+man/man3/krb5_decrypt_ivec.3
+man/man3/krb5_decrypt_ticket.3
+man/man3/krb5_domain_x500_decode.3
+man/man3/krb5_domain_x500_encode.3
+man/man3/krb5_eai_to_heim_errno.3
 man/man3/krb5_encrypt.3
 man/man3/krb5_encrypt_EncryptedData.3
+man/man3/krb5_encrypt_ivec.3
+man/man3/krb5_enctype_disable.3
+man/man3/krb5_enctype_keysize.3
+man/man3/krb5_enctype_to_string.3
+man/man3/krb5_enctype_valid.3
 man/man3/krb5_err.3
+man/man3/krb5_error_from_rd_error.3
 man/man3/krb5_errx.3
+man/man3/krb5_expand_hostname.3
+man/man3/krb5_expand_hostname_realms.3
 man/man3/krb5_fcc_ops.3
+man/man3/krb5_find_padata.3
+man/man3/krb5_format_time.3
 man/man3/krb5_free_address.3
 man/man3/krb5_free_addresses.3
+man/man3/krb5_free_authenticator.3
+man/man3/krb5_free_checksum.3
+man/man3/krb5_free_checksum_contents.3
+man/man3/krb5_free_config_files.3
 man/man3/krb5_free_context.3
+man/man3/krb5_free_cred_contents.3
+man/man3/krb5_free_creds.3
 man/man3/krb5_free_data.3
 man/man3/krb5_free_data_contents.3
+man/man3/krb5_free_error.3
+man/man3/krb5_free_error_contents.3
+man/man3/krb5_free_error_string.3
 man/man3/krb5_free_host_realm.3
+man/man3/krb5_free_kdc_rep.3
+man/man3/krb5_free_keyblock.3
+man/man3/krb5_free_keyblock_contents.3
 man/man3/krb5_free_krbhst.3
 man/man3/krb5_free_principal.3
+man/man3/krb5_free_salt.3
+man/man3/krb5_free_ticket.3
+man/man3/krb5_fwd_tgt_creds.3
+man/man3/krb5_generate_random_block.3
+man/man3/krb5_generate_random_keyblock.3
+man/man3/krb5_generate_subkey.3
+man/man3/krb5_generate_subkey_extended.3
 man/man3/krb5_get_all_client_addrs.3
 man/man3/krb5_get_all_server_addrs.3
+man/man3/krb5_get_cred_from_kdc.3
+man/man3/krb5_get_cred_from_kdc_opt.3
+man/man3/krb5_get_credentials.3
+man/man3/krb5_get_credentials_with_flags.3
+man/man3/krb5_get_default_config_files.3
+man/man3/krb5_get_default_principal.3
 man/man3/krb5_get_default_realm.3
 man/man3/krb5_get_default_realms.3
+man/man3/krb5_get_err_text.3
+man/man3/krb5_get_error_string.3
+man/man3/krb5_get_extra_addresses.3
+man/man3/krb5_get_fcache_version.3
+man/man3/krb5_get_forwarded_creds.3
 man/man3/krb5_get_host_realm.3
+man/man3/krb5_get_ignore_addresses.3
+man/man3/krb5_get_in_cred.3
+man/man3/krb5_get_in_tkt.3
+man/man3/krb5_get_in_tkt_with_keytab.3
+man/man3/krb5_get_in_tkt_with_password.3
+man/man3/krb5_get_in_tkt_with_skey.3
+man/man3/krb5_get_init_creds.3
+man/man3/krb5_get_init_creds_keytab.3
+man/man3/krb5_get_init_creds_opt.3
+man/man3/krb5_get_init_creds_opt_alloc.3
+man/man3/krb5_get_init_creds_opt_free.3
+man/man3/krb5_get_init_creds_opt_init.3
+man/man3/krb5_get_init_creds_opt_set_address_list.3
+man/man3/krb5_get_init_creds_opt_set_anonymous.3
+man/man3/krb5_get_init_creds_opt_set_default_flags.3
+man/man3/krb5_get_init_creds_opt_set_etype_list.3
+man/man3/krb5_get_init_creds_opt_set_forwardable.3
+man/man3/krb5_get_init_creds_opt_set_pa_password.3
+man/man3/krb5_get_init_creds_opt_set_paq_request.3
+man/man3/krb5_get_init_creds_opt_set_preauth_list.3
+man/man3/krb5_get_init_creds_opt_set_proxiable.3
+man/man3/krb5_get_init_creds_opt_set_rewew_life.3
+man/man3/krb5_get_init_creds_opt_set_salt.3
+man/man3/krb5_get_init_creds_opt_set_tkt_life.3
+man/man3/krb5_get_init_creds_password.3
+man/man3/krb5_get_kdc_cred.3
 man/man3/krb5_get_krb524hst.3
 man/man3/krb5_get_krb_admin_hst.3
 man/man3/krb5_get_krb_changepw_hst.3
 man/man3/krb5_get_krbhst.3
+man/man3/krb5_get_pw_salt.3
+man/man3/krb5_get_server_rcache.3
+man/man3/krb5_get_use_admin_kdc.3
+man/man3/krb5_get_wrapped_length.3
+man/man3/krb5_getportbyname.3
 man/man3/krb5_h_addr2addr.3
 man/man3/krb5_h_addr2sockaddr.3
+man/man3/krb5_h_errno_to_heim_errno.3
+man/man3/krb5_have_error_string.3
+man/man3/krb5_hmac.3
 man/man3/krb5_init_context.3
+man/man3/krb5_init_ets.3
 man/man3/krb5_initlog.3
+man/man3/krb5_is_thread_safe.3
+man/man3/krb5_keyblock.3
+man/man3/krb5_keyblock_get_enctype.3
+man/man3/krb5_keyblock_init.3
+man/man3/krb5_keyblock_zero.3
 man/man3/krb5_keytab.3
 man/man3/krb5_keytab_entry.3
 man/man3/krb5_krbhst_format_string.3
 man/man3/krb5_krbhst_free.3
 man/man3/krb5_krbhst_get_addrinfo.3
 man/man3/krb5_krbhst_init.3
+man/man3/krb5_krbhst_init_flags.3
 man/man3/krb5_krbhst_next.3
 man/man3/krb5_krbhst_next_as_string.3
 man/man3/krb5_krbhst_reset.3
@@ -307,6 +481,7 @@ man/man3/krb5_kt_compare.3
 man/man3/krb5_kt_copy_entry_contents.3
 man/man3/krb5_kt_cursor.3
 man/man3/krb5_kt_default.3
+man/man3/krb5_kt_default_modify_name.3
 man/man3/krb5_kt_default_name.3
 man/man3/krb5_kt_end_seq_get.3
 man/man3/krb5_kt_free_entry.3
@@ -328,25 +503,131 @@ man/man3/krb5_make_principal.3
 man/man3/krb5_max_sockaddr_size.3
 man/man3/krb5_mcc_ops.3
 man/man3/krb5_openlog.3
+man/man3/krb5_padata_add.3
 man/man3/krb5_parse_address.3
 man/man3/krb5_parse_name.3
+man/man3/krb5_passwd_result_to_string.3
+man/man3/krb5_password_key_proc.3
+man/man3/krb5_prepend_config_files.3
+man/man3/krb5_prepend_config_files_default.3
+man/man3/krb5_princ_realm.3
+man/man3/krb5_princ_set_realm.3
+man/man3/krb5_principal.3
+man/man3/krb5_principal_compare.3
+man/man3/krb5_principal_compare_any_realm.3
 man/man3/krb5_principal_get_comp_string.3
 man/man3/krb5_principal_get_realm.3
+man/man3/krb5_principal_get_type.3
+man/man3/krb5_principal_match.3
+man/man3/krb5_principal_set_type.3
 man/man3/krb5_print_address.3
+man/man3/krb5_prompt.3
+man/man3/krb5_prompter_posix.3
+man/man3/krb5_pwcheck.3
+man/man3/krb5_random_to_key.3
+man/man3/krb5_rc_close.3
+man/man3/krb5_rc_default.3
+man/man3/krb5_rc_default_name.3
+man/man3/krb5_rc_default_type.3
+man/man3/krb5_rc_destroy.3
+man/man3/krb5_rc_expunge.3
+man/man3/krb5_rc_get_lifespan.3
+man/man3/krb5_rc_get_name.3
+man/man3/krb5_rc_get_type.3
+man/man3/krb5_rc_initialize.3
+man/man3/krb5_rc_recover.3
+man/man3/krb5_rc_resolve.3
+man/man3/krb5_rc_resolve_full.3
+man/man3/krb5_rc_resolve_type.3
+man/man3/krb5_rc_store.3
+man/man3/krb5_rcache.3
+man/man3/krb5_rd_error.3
+man/man3/krb5_realm_compare.3
+man/man3/krb5_ret_address.3
+man/man3/krb5_ret_addrs.3
+man/man3/krb5_ret_authdata.3
+man/man3/krb5_ret_creds.3
+man/man3/krb5_ret_data.3
+man/man3/krb5_ret_int16.3
+man/man3/krb5_ret_int32.3
+man/man3/krb5_ret_int8.3
+man/man3/krb5_ret_keyblock.3
+man/man3/krb5_ret_principal.3
+man/man3/krb5_ret_string.3
+man/man3/krb5_ret_stringz.3
+man/man3/krb5_ret_times.3
+man/man3/krb5_set_config_files.3
 man/man3/krb5_set_default_realm.3
+man/man3/krb5_set_error_string.3
+man/man3/krb5_set_extra_addresses.3
+man/man3/krb5_set_fcache_version.3
+man/man3/krb5_set_ignore_addresses.3
 man/man3/krb5_set_password.3
 man/man3/krb5_set_password_using_ccache.3
+man/man3/krb5_set_real_time.3
+man/man3/krb5_set_use_admin_kdc.3
 man/man3/krb5_set_warn_dest.3
 man/man3/krb5_sname_to_principal.3
 man/man3/krb5_sock_to_principal.3
 man/man3/krb5_sockaddr2address.3
 man/man3/krb5_sockaddr2port.3
 man/man3/krb5_sockaddr_uninteresting.3
+man/man3/krb5_storage.3
+man/man3/krb5_storage_clear_flags.3
+man/man3/krb5_storage_emem.3
+man/man3/krb5_storage_free.3
+man/man3/krb5_storage_from_data.3
+man/man3/krb5_storage_from_fd.3
+man/man3/krb5_storage_from_mem.3
+man/man3/krb5_storage_get_byteorder.3
+man/man3/krb5_storage_is_flags.3
+man/man3/krb5_storage_read.3
+man/man3/krb5_storage_seek.3
+man/man3/krb5_storage_set_byteorder.3
+man/man3/krb5_storage_set_eof_code.3
+man/man3/krb5_storage_set_flags.3
+man/man3/krb5_storage_to_data.3
+man/man3/krb5_storage_write.3
+man/man3/krb5_store_address.3
+man/man3/krb5_store_addrs.3
+man/man3/krb5_store_authdata.3
+man/man3/krb5_store_creds.3
+man/man3/krb5_store_data.3
+man/man3/krb5_store_int16.3
+man/man3/krb5_store_int32.3
+man/man3/krb5_store_int8.3
+man/man3/krb5_store_keyblock.3
+man/man3/krb5_store_principal.3
+man/man3/krb5_store_string.3
+man/man3/krb5_store_stringz.3
+man/man3/krb5_store_times.3
+man/man3/krb5_string_to_deltat.3
+man/man3/krb5_string_to_enctype.3
+man/man3/krb5_string_to_key.3
+man/man3/krb5_string_to_key_data.3
+man/man3/krb5_string_to_key_data_salt.3
+man/man3/krb5_string_to_key_data_salt_opaque.3
+man/man3/krb5_string_to_key_derived.3
+man/man3/krb5_string_to_key_salt.3
+man/man3/krb5_string_to_key_salt_opaque.3
+man/man3/krb5_ticket.3
+man/man3/krb5_ticket_get_authorization_data_type.3
+man/man3/krb5_ticket_get_client.3
+man/man3/krb5_ticket_get_server.3
 man/man3/krb5_timeofday.3
 man/man3/krb5_unparse_name.3
+man/man3/krb5_unparse_name_fixed.3
+man/man3/krb5_unparse_name_fixed_short.3
+man/man3/krb5_unparse_name_short.3
 man/man3/krb5_us_timeofday.3
+man/man3/krb5_vabort.3
+man/man3/krb5_vabortx.3
 man/man3/krb5_verify_checksum.3
+man/man3/krb5_verify_init_creds.3
+man/man3/krb5_verify_init_creds_opt_init.3
+man/man3/krb5_verify_init_creds_opt_set_ap_req_nofail.3
 man/man3/krb5_verify_opt_init.3
+man/man3/krb5_verify_opt_set_ccache.3
 man/man3/krb5_verify_opt_set_flags.3
 man/man3/krb5_verify_opt_set_keytab.3
 man/man3/krb5_verify_opt_set_secure.3
@@ -358,12 +639,32 @@ man/man3/krb5_verr.3
 man/man3/krb5_verrx.3
 man/man3/krb5_vlog.3
 man/man3/krb5_vlog_msg.3
+man/man3/krb5_vset_error_string.3
 man/man3/krb5_vwarn.3
 man/man3/krb5_vwarnx.3
 man/man3/krb5_warn.3
 man/man3/krb5_warnx.3
 man/man3/krb_afslog.3
 man/man3/krb_afslog_uid.3
+man/man3/parse_time.3
+man/man3/print_time_table.3
+man/man3/rtbl.3
+man/man3/rtbl_add_column.3
+man/man3/rtbl_add_column_by_id.3
+man/man3/rtbl_add_column_entry.3
+man/man3/rtbl_add_column_entry_by_id.3
+man/man3/rtbl_create.3
+man/man3/rtbl_destroy.3
+man/man3/rtbl_format.3
+man/man3/rtbl_get_flags.3
+man/man3/rtbl_new_row.3
+man/man3/rtbl_set_column_affix_by_id.3
+man/man3/rtbl_set_column_prefix.3
+man/man3/rtbl_set_flags.3
+man/man3/rtbl_set_prefix.3
+man/man3/rtbl_set_separator.3
+man/man3/unparse_time.3
+man/man3/unparse_time_approx.3
 man/man5/kftpusers.5
 man/man5/krb5.conf.5
 man/man5/login.access.5
@@ -371,8 +672,12 @@ man/man8/${KRB5_PREFIX}rshd.8
 man/man8/${KRB5_PREFIX}telnetd.8
 man/man8/hprop.8
 man/man8/hpropd.8
+man/man8/iprop.8
+man/man8/ipropd-master.8
+man/man8/ipropd-slave.8
 man/man8/kadmin.8
 man/man8/kadmind.8
+man/man8/kcm.8
 man/man8/kdc.8
 man/man8/kerberos.8
 man/man8/kfd.8
@@ -391,7 +696,12 @@ sbin/kstash
 sbin/ktutil
 sbin/replay_log
 sbin/truncate_log
+${LDAP}share/examples/heimdal/hdb.schema
+share/examples/rc.d/kadmind
+share/examples/rc.d/kcm
 share/examples/rc.d/kdc
+share/examples/rc.d/kpasswdd
+${LDAP}@dirrm share/examples/heimdal
 @dirrm include/krb5/ss
 @dirrm include/krb5/kadm5
 @dirrm include/krb5
diff --git a/security/heimdal/buildlink3.mk b/security/heimdal/buildlink3.mk
index 2ea31252182..05445f58a99 100644
--- a/security/heimdal/buildlink3.mk
+++ b/security/heimdal/buildlink3.mk
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.25 2005/05/11 22:08:19 jlam Exp $
+# $NetBSD: buildlink3.mk,v 1.26 2005/10/26 15:12:45 jlam Exp $
 
 BUILDLINK_DEPTH:=	${BUILDLINK_DEPTH}+
 HEIMDAL_BUILDLINK3_MK:=	${HEIMDAL_BUILDLINK3_MK}+
@@ -27,11 +27,10 @@ MAKEFLAGS+=	PKG_BUILD_OPTIONS.heimdal=${PKG_BUILD_OPTIONS.heimdal:Q}
 .endif
 MAKEVARS+=	PKG_BUILD_OPTIONS.heimdal
 
-.include "../../security/openssl/buildlink3.mk"
-.if !empty(PKG_BUILD_OPTIONS.heimdal:Mdb4)
-.  include "../../databases/db4/buildlink3.mk"
-.else
-.  include "../../mk/bdb.buildlink3.mk"
+.if !empty(PKG_BUILD_OPTIONS.heimdal:Mldap)
+.  include "../../databases/openldap/buildlink3.mk"
 .endif
+.include "../../security/openssl/buildlink3.mk"
+.include "../../mk/bdb.buildlink3.mk"
 
 BUILDLINK_DEPTH:=	${BUILDLINK_DEPTH:S/+$//}
diff --git a/security/heimdal/builtin.mk b/security/heimdal/builtin.mk
index 66c3740722b..967200dc73b 100644
--- a/security/heimdal/builtin.mk
+++ b/security/heimdal/builtin.mk
@@ -1,10 +1,12 @@
-# $NetBSD: builtin.mk,v 1.5 2005/06/09 06:07:29 jlam Exp $
+# $NetBSD: builtin.mk,v 1.6 2005/10/26 15:12:45 jlam Exp $
 
 BUILTIN_PKG:=	heimdal
 
-BUILTIN_FIND_FILES_VAR:=	H_HEIMDAL
-BUILTIN_FIND_FILES.H_HEIMDAL=	/usr/include/krb5/krb5.h
-BUILTIN_FIND_GREP.H_HEIMDAL=	heimdal_version
+BUILTIN_FIND_FILES_VAR:=		H_HEIMDAL SH_KRB5_CONFIG
+BUILTIN_FIND_FILES.H_HEIMDAL=		/usr/include/krb5/krb5.h
+BUILTIN_FIND_GREP.H_HEIMDAL=		heimdal_version
+BUILTIN_FIND_FILES.SH_KRB5_CONFIG=	/usr/bin/krb5-config
+BUILTIN_FIND_GREP.SH_KRB5_CONFIG=	^[ 	]*--version)
 
 .include "../../mk/buildlink3/bsd.builtin.mk"
 
@@ -26,8 +28,12 @@ MAKEVARS+=	IS_BUILTIN.heimdal
 ###
 .if !defined(BUILTIN_PKG.heimdal) && \
     !empty(IS_BUILTIN.heimdal:M[yY][eE][sS])
+.  if exists(${SH_KRB5_CONFIG})
+BUILTIN_VERSION.heimdal!=	${SH_KRB5_CONFIG} --version |		\
+				${AWK} '{ print $$2; exit }'
+.  else
 #
-# heimdal<=0.6 doesn't have a method of checking the headers to discover
+# heimdal<=0.6.x doesn't have a method of checking files to discover
 # the version number of the software.  Match up heimdal versions with
 # OS versions for an approximate determination of the heimdal version.
 #
@@ -43,14 +49,15 @@ _BLTN_HEIMDAL_0.4e=	NetBSD-1.6[A-H]-*				\
 _BLTN_HEIMDAL_0.3f=	NetBSD-1.5X-*
 _BLTN_HEIMDAL_0.3e=	NetBSD-1.5[UVW]-*				\
 			NetBSD-1.5.*-*
-.  for _heimdal_version_ in ${_BLTN_HEIMDAL_VERSIONS}
-.    for _pattern_ in ${_BLTN_HEIMDAL_${_heimdal_version_}}
-.      if !empty(MACHINE_PLATFORM:M${_pattern_})
+.    for _heimdal_version_ in ${_BLTN_HEIMDAL_VERSIONS}
+.      for _pattern_ in ${_BLTN_HEIMDAL_${_heimdal_version_}}
+.        if !empty(MACHINE_PLATFORM:M${_pattern_})
 BUILTIN_VERSION.heimdal?=	${_heimdal_version_}
-.      endif
+.        endif
+.      endfor
 .    endfor
-.  endfor
 BUILTIN_VERSION.heimdal?=	0.2t
+.  endif
 BUILTIN_PKG.heimdal=		heimdal-${BUILTIN_VERSION.heimdal}
 .endif
 MAKEVARS+=	BUILTIN_PKG.heimdal
diff --git a/security/heimdal/distinfo b/security/heimdal/distinfo
index 6e45819b847..562216e05ba 100644
--- a/security/heimdal/distinfo
+++ b/security/heimdal/distinfo
@@ -1,9 +1,10 @@
-$NetBSD: distinfo,v 1.14 2005/08/23 14:07:25 reed Exp $
+$NetBSD: distinfo,v 1.15 2005/10/26 15:12:45 jlam Exp $
 
-SHA1 (heimdal-0.6.5.tar.gz) = 1cb896e2f081e74bf766279535a2510c9a5cb0b3
-RMD160 (heimdal-0.6.5.tar.gz) = 726f9b4c655e6380ac0ad4ea3917b938013d8e5c
-Size (heimdal-0.6.5.tar.gz) = 3329395 bytes
-SHA1 (patch-aa) = c0a736131b3fb54f9cdea57ea55e4f0f0619532b
-SHA1 (patch-ab) = 400a9ac3a76ac7e8b4dcc230e0bdf7fc5222fbb7
-SHA1 (patch-ac) = 121961811f559822c6a4f3d7f7e4646b16908942
-SHA1 (patch-ad) = dd34b20754399c3554bb7bba8fc18c8195791aa5
+SHA1 (heimdal-0.7.1.tar.gz) = ab3e6f5fe6de86f7ba7413f8600f9b1ed956b620
+RMD160 (heimdal-0.7.1.tar.gz) = 30373d227452e20187ca4bad1dc980c3f952be26
+Size (heimdal-0.7.1.tar.gz) = 4515175 bytes
+SHA1 (patch-ab) = 50c526185cd64e48b7b60f154011e5efa6930570
+SHA1 (patch-ac) = 313c0a1f91e4f9546ae906f981adae0d499dd9cf
+SHA1 (patch-ad) = a7cfc038e76f8c3da38f8eb0ee48a7f8c7a9c7df
+SHA1 (patch-ae) = a9ec9b28a6291786631f900972fe231150d4afe0
+SHA1 (patch-af) = c8ef770eba0647d71f3bbbaca1d3fb0eaa7875d2
diff --git a/security/heimdal/files/kadmind.sh b/security/heimdal/files/kadmind.sh
new file mode 100644
index 00000000000..e9a3171cdeb
--- /dev/null
+++ b/security/heimdal/files/kadmind.sh
@@ -0,0 +1,20 @@
+#!@RCD_SCRIPTS_SHELL@
+#
+# $NetBSD: kadmind.sh,v 1.1 2005/10/26 15:12:45 jlam Exp $
+#
+# PROVIDE: kadmind
+# REQUIRE: NETWORKING
+# BEFORE:  SERVERS
+
+. /etc/rc.subr
+
+name="kadmind"
+rcvar=$name
+command="@PREFIX@/libexec/${name}"
+command_args="& sleep 2"
+required_files="@PKG_SYSCONFDIR@/krb5.conf"
+required_vars="kdc"
+
+load_rc_config $name
+load_rc_config_var kdc kdc
+run_rc_command "$1"
diff --git a/security/heimdal/files/kcm.sh b/security/heimdal/files/kcm.sh
new file mode 100644
index 00000000000..21bd4e9e40c
--- /dev/null
+++ b/security/heimdal/files/kcm.sh
@@ -0,0 +1,18 @@
+#!@RCD_SCRIPTS_SHELL@
+#
+# $NetBSD: kcm.sh,v 1.1 2005/10/26 15:12:45 jlam Exp $
+#
+# PROVIDE: kcm
+# REQUIRE: NETWORKING
+# BEFORE:  SERVERS
+
+. /etc/rc.subr
+
+name="kcm"
+rcvar=$name
+command="@PREFIX@/libexec/${name}"
+command_args="--detach"
+required_files="@PKG_SYSCONFDIR@/krb5.conf"
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/security/heimdal/files/kdc.sh b/security/heimdal/files/kdc.sh
index 422a7ffbca2..ae26e81a9a2 100644
--- a/security/heimdal/files/kdc.sh
+++ b/security/heimdal/files/kdc.sh
@@ -1,14 +1,12 @@
 #!@RCD_SCRIPTS_SHELL@
 #
-# $NetBSD: kdc.sh,v 1.2 2004/02/23 12:35:11 wiz Exp $
+# $NetBSD: kdc.sh,v 1.3 2005/10/26 15:12:45 jlam Exp $
 #
 # PROVIDE: kdc
 # REQUIRE: NETWORKING
 # BEFORE:  SERVERS
 
-if [ -f /etc/rc.subr ]; then
-	. /etc/rc.subr
-fi
+. /etc/rc.subr
 
 name="kdc"
 rcvar=$name
@@ -16,10 +14,5 @@ command="@PREFIX@/libexec/${name}"
 command_args="--detach"
 required_files="@PKG_SYSCONFDIR@/krb5.conf"
 
-if [ -f /etc/rc.subr ]; then
-	load_rc_config $name
-	run_rc_command "$1"
-else
-	@ECHO@ -n " ${name}"
-	${command} ${kdc_flags}
-fi
+load_rc_config $name
+run_rc_command "$1"
diff --git a/security/heimdal/files/kpasswdd.sh b/security/heimdal/files/kpasswdd.sh
new file mode 100644
index 00000000000..b6fb0f88d5d
--- /dev/null
+++ b/security/heimdal/files/kpasswdd.sh
@@ -0,0 +1,20 @@
+#!@RCD_SCRIPTS_SHELL@
+#
+# $NetBSD: kpasswdd.sh,v 1.1 2005/10/26 15:12:45 jlam Exp $
+#
+# PROVIDE: kpasswdd
+# REQUIRE: NETWORKING
+# BEFORE:  SERVERS
+
+. /etc/rc.subr
+
+name="kpasswdd"
+rcvar=$name
+command="@PREFIX@/libexec/${name}"
+command_args="& sleep 2"
+required_files="@PKG_SYSCONFDIR@/krb5.conf"
+required_vars="kdc"
+
+load_rc_config $name
+load_rc_config_var kdc kdc
+run_rc_command "$1"
diff --git a/security/heimdal/patches/patch-aa b/security/heimdal/patches/patch-aa
deleted file mode 100644
index b1ee7e02f86..00000000000
--- a/security/heimdal/patches/patch-aa
+++ /dev/null
@@ -1,29 +0,0 @@
-$NetBSD: patch-aa,v 1.3 2005/08/04 16:50:18 tonio Exp $
-
---- lib/asn1/gen_glue.c.orig	2005-08-04 16:58:58.000000000 +0200
-+++ lib/asn1/gen_glue.c	2005-08-04 17:02:45.000000000 +0200
-@@ -103,11 +103,11 @@
-     int tag = -1;
- 
-     fprintf (headerfile,
--	     "extern struct units %s_units[];",
-+	     "extern struct units * const %s_units;",
- 	     s->gen_name);
- 
-     fprintf (codefile,
--	     "struct units %s_units[] = {\n",
-+	     "struct units %s_units_static[] = {\n",
- 	     s->gen_name);
- 
-     if(t->members)
-@@ -122,6 +122,10 @@
-     fprintf (codefile,
- 	     "\t{NULL,\t0}\n"
- 	     "};\n\n");
-+
-+    fprintf (codefile,
-+            "struct units * const %s_units = %s_units_static;\n\n",
-+            s->gen_name, s->gen_name);
- }
- 
- void
diff --git a/security/heimdal/patches/patch-ab b/security/heimdal/patches/patch-ab
index 9905a3e27ea..b67664f58be 100644
--- a/security/heimdal/patches/patch-ab
+++ b/security/heimdal/patches/patch-ab
@@ -1,40 +1,30 @@
-$NetBSD: patch-ab,v 1.1.1.1 2004/01/10 14:56:45 jlam Exp $
+$NetBSD: patch-ab,v 1.2 2005/10/26 15:12:45 jlam Exp $
 
---- cf/install-catman.sh.orig	Sat Sep 29 12:05:38 2001
+--- cf/install-catman.sh.orig	2005-09-09 08:12:22.000000000 -0400
 +++ cf/install-catman.sh
-@@ -14,16 +14,7 @@ for f in "$@"; do
+@@ -9,6 +9,7 @@ mkinstalldirs="$1"; shift
+ srcdir="$1"; shift
+ manbase="$1"; shift
+ suffix="$1"; shift
++catinstall="${INSTALL_CATPAGES-yes}"
+ 
+ for f in "$@"; do
  	base=`echo "$f" | sed 's/\(.*\)\.\([^.]*\)$/\1/'`
- 	section=`echo "$f" | sed 's/\(.*\)\.\([^.]*\)$/\2/'`
- 	mandir="$manbase/man$section"
--	catdir="$manbase/cat$section"
--	c="$base.cat$section"
+@@ -17,7 +18,7 @@ for f in "$@"; do
+ 	catdir="$manbase/cat$section"
+ 	c="$base.cat$section"
  
 -	if test -f "$srcdir/$c"; then
--		if test \! -d "$catdir"; then
--			eval "$mkinstalldirs $catdir"
--		fi
--		eval "echo $INSTALL_DATA $srcdir/$c $catdir/$base.$suffix"
--		eval "$INSTALL_DATA $srcdir/$c $catdir/$base.$suffix"
--	fi
- 	for link in `sed -n -e '/SYNOPSIS/q;/DESCRIPTION/q;s/^\.Nm \([^ ]*\).*/\1/p' $srcdir/$f`; do
- 		if [ "$link" != "$base" ]; then
- 			target="$mandir/$link.$section"
-@@ -36,18 +27,6 @@ for f in "$@"; do
++	if test "$catinstall" = yes -a -f "$srcdir/$c"; then
+ 		if test \! -d "$catdir"; then
+ 			eval "$mkinstalldirs $catdir"
+ 		fi
+@@ -36,7 +37,7 @@ for f in "$@"; do
  					break
  				fi
  			done
 -			if test -f "$srcdir/$c"; then
--				target="$catdir/$link.$suffix"
--				for cmd in "ln -f $catdir/$base.$suffix $target" \
--					   "ln -fs $base.$suffix $target" \
--					   "cp -f $catdir/$base.$suffix $target"
--				do
--					if eval "$cmd"; then
--						eval echo "$cmd"
--						break
--					fi
--				done
--			fi
- 		fi
- 	done
- done
++			if test "$catinstall" = yes -a -f "$srcdir/$c"; then
+ 				target="$catdir/$link.$suffix"
+ 				for cmd in "ln -f $catdir/$base.$suffix $target" \
+ 					   "ln -fs $base.$suffix $target" \
diff --git a/security/heimdal/patches/patch-ac b/security/heimdal/patches/patch-ac
index ade79ffbd10..e34eaf84cc7 100644
--- a/security/heimdal/patches/patch-ac
+++ b/security/heimdal/patches/patch-ac
@@ -1,8 +1,8 @@
-$NetBSD: patch-ac,v 1.1.1.1 2004/01/10 14:56:45 jlam Exp $
+$NetBSD: patch-ac,v 1.2 2005/10/26 15:12:45 jlam Exp $
 
---- configure.in.orig	Mon May 12 11:26:39 2003
+--- configure.in.orig	2005-09-09 08:13:10.000000000 -0400
 +++ configure.in
-@@ -16,9 +16,6 @@ AM_MAINTAINER_MODE
+@@ -15,9 +15,6 @@ AM_MAINTAINER_MODE
  
  AC_PREFIX_DEFAULT(/usr/heimdal)
  
diff --git a/security/heimdal/patches/patch-ad b/security/heimdal/patches/patch-ad
index 81b03a611a3..60848f26193 100644
--- a/security/heimdal/patches/patch-ad
+++ b/security/heimdal/patches/patch-ad
@@ -1,8 +1,8 @@
-$NetBSD: patch-ad,v 1.6 2005/08/23 14:07:25 reed Exp $
+$NetBSD: patch-ad,v 1.7 2005/10/26 15:12:45 jlam Exp $
 
---- configure.orig	2005-06-14 14:29:16.000000000 +0000
+--- configure.orig	2005-09-09 08:14:45.000000000 -0400
 +++ configure
-@@ -3176,9 +3176,6 @@ fi
+@@ -3182,9 +3182,6 @@ fi
  
  
  
@@ -12,35 +12,3 @@ $NetBSD: patch-ad,v 1.6 2005/08/23 14:07:25 reed Exp $
  # Make sure we can run config.sub.
  $ac_config_sub sun4 >/dev/null 2>&1 ||
    { { echo "$as_me:$LINENO: error: cannot run $ac_config_sub" >&5
-@@ -22000,6 +21997,7 @@ cat >>conftest.$ac_ext <<_ACEOF
- /* end confdefs.h.  */
- 
- 		#undef KRB5 /* makes md4.h et al unhappy */
-+		#include <sys/types.h>
- 		#ifdef HAVE_OPENSSL
- 		#include <openssl/md4.h>
- 		#include <openssl/md5.h>
-@@ -22096,6 +22094,7 @@ cat >>conftest.$ac_ext <<_ACEOF
- /* end confdefs.h.  */
- 
- 		#undef KRB5 /* makes md4.h et al unhappy */
-+		#include <sys/types.h>
- 		#ifdef HAVE_OPENSSL
- 		#include <openssl/md4.h>
- 		#include <openssl/md5.h>
-@@ -22192,6 +22191,7 @@ cat >>conftest.$ac_ext <<_ACEOF
- /* end confdefs.h.  */
- 
- 		#undef KRB5 /* makes md4.h et al unhappy */
-+		#include <sys/types.h>
- 		#ifdef HAVE_OPENSSL
- 		#include <openssl/md4.h>
- 		#include <openssl/md5.h>
-@@ -22319,6 +22319,7 @@ cat >>conftest.$ac_ext <<_ACEOF
- /* end confdefs.h.  */
- 
- 		#undef KRB5 /* makes md4.h et al unhappy */
-+		#include <sys/types.h>
- 		#ifdef HAVE_OPENSSL
- 		#include <openssl/md4.h>
- 		#include <openssl/md5.h>
diff --git a/security/heimdal/patches/patch-ae b/security/heimdal/patches/patch-ae
new file mode 100644
index 00000000000..b964bddb558
--- /dev/null
+++ b/security/heimdal/patches/patch-ae
@@ -0,0 +1,13 @@
+$NetBSD: patch-ae,v 1.5 2005/10/26 15:12:45 jlam Exp $
+
+--- lib/krb5/krb5_encrypt.3.orig	2005-09-09 08:12:13.000000000 -0400
++++ lib/krb5/krb5_encrypt.3
+@@ -44,7 +44,7 @@
+ .Nm krb5_decrypt_ivec ,
+ .Nm krb5_decrypt_ticket ,
+ .Nm krb5_encrypt ,
+-.Nm krb5_encrypt_EncryptedData,
++.Nm krb5_encrypt_EncryptedData ,
+ .Nm krb5_encrypt_ivec ,
+ .Nm krb5_enctype_disable ,
+ .Nm krb5_enctype_keysize ,
diff --git a/security/heimdal/patches/patch-af b/security/heimdal/patches/patch-af
new file mode 100644
index 00000000000..0fc76745dda
--- /dev/null
+++ b/security/heimdal/patches/patch-af
@@ -0,0 +1,12 @@
+$NetBSD: patch-af,v 1.3 2005/10/26 15:12:45 jlam Exp $
+
+--- lib/krb5/Makefile.in.orig	2005-09-09 08:17:31.000000000 -0400
++++ lib/krb5/Makefile.in
+@@ -737,6 +737,7 @@ man_MANS = \
+ 	krb5_rcache.3				\
+ 	krb5_rd_error.3				\
+ 	krb5_set_default_realm.3		\
++	krb5_set_password.3			\
+ 	krb5_storage.3				\
+ 	krb5_string_to_key.3			\
+ 	krb5_ticket.3				\