plugins/kdb/db2 \
@ldap_plugin_dir@ \
plugins/preauth/pkinit \
- plugins/preauth/encrypted_challenge \
kdc kadmin slave clients appl tests \
config-files gen-manpages @po@
WINSUBDIRS=include util lib ccapi windows clients appl
(w=`pwd`; cd util && $(MAKE) install DESTDIR="$$w/util/fakedest")
(w=`pwd`; cd lib && $(MAKE) install DESTDIR="$$w/util/fakedest")
(w=`pwd`; cd plugins/kdb/db2 && $(MAKE) install DESTDIR="$$w/util/fakedest")
- (w=`pwd`; cd plugins/preauth/encrypted_challenge && $(MAKE) install DESTDIR="$$w/util/fakedest")
if test -r plugins/preauth/pkinit/Makefile; then \
(w=`pwd`; cd plugins/preauth/pkinit && $(MAKE) install DESTDIR="$$w/util/fakedest"); \
fi
plugins/kdb/db2/libdb2/recno
plugins/kdb/db2/libdb2/test
plugins/kdb/hdb
- plugins/preauth/cksum_body plugins/preauth/encrypted_challenge
+ plugins/preauth/cksum_body
plugins/preauth/securid_sam2
plugins/preauth/wpse
plugins/authdata/greet
--- /dev/null
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* include/fast_factor.h - Convenience inline functions for FAST factors */
+/*
+ * Copyright (C) 2011 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef FAST_FACTOR_H
+
+/*
+ * Returns success with a null armor_key if FAST is available but not in use.
+ * Returns failure if the client library does not support FAST.
+ */
+static inline krb5_error_code
+fast_get_armor_key(krb5_context context, krb5_clpreauth_get_data_fn get_data,
+ krb5_clpreauth_rock rock, krb5_keyblock **armor_key)
+{
+ krb5_error_code retval = 0;
+ krb5_data *data;
+ retval = get_data(context, rock, krb5_clpreauth_fast_armor, &data);
+ if (retval == 0) {
+ *armor_key = (krb5_keyblock *) data->data;
+ data->data = NULL;
+ get_data(context, rock, krb5_clpreauth_free_fast_armor, &data);
+ }
+ return retval;
+}
+
+static inline krb5_error_code
+fast_kdc_get_armor_key(krb5_context context,
+ krb5_kdcpreauth_get_data_fn get_entry,
+ krb5_kdc_req *request,
+ struct _krb5_db_entry_new *client,
+ krb5_keyblock **armor_key)
+{
+ krb5_error_code retval;
+ krb5_data *data;
+ retval = get_entry(context, request, client, krb5_kdcpreauth_fast_armor,
+ &data);
+ if (retval == 0) {
+ *armor_key = (krb5_keyblock *) data->data;
+ data->data = NULL;
+ get_entry(context, request, client,
+ krb5_kdcpreauth_free_fast_armor, &data);
+ }
+ return retval;
+}
+
+
+
+static inline krb5_error_code
+fast_kdc_replace_reply_key(krb5_context context,
+ krb5_kdcpreauth_get_data_fn get_data,
+ krb5_kdc_req *request)
+{
+ return 0;
+}
+
+static inline krb5_error_code
+fast_set_kdc_verified(krb5_context context,
+ krb5_clpreauth_get_data_fn get_data,
+ krb5_clpreauth_rock rock)
+{
+ return 0;
+}
+
+#endif /* FAST_FACTOR_H */
$(srcdir)/fast_util.c \
$(srcdir)/kdc_util.c \
$(srcdir)/kdc_preauth.c \
+ $(srcdir)/kdc_preauth_ec.c \
$(srcdir)/main.c \
$(srcdir)/policy.c \
$(srcdir)/extern.c \
fast_util.o \
kdc_util.o \
kdc_preauth.o \
+ kdc_preauth_ec.o \
main.o \
policy.o \
extern.o \
*vtables_out = NULL;
*n_tables_out = *n_systems_out = 0;
- /* Auto-register pkinit and encrypted challenge if possible. */
+ /* Auto-register encrypted challenge and (if possible) pkinit. */
k5_plugin_register_dyn(context, PLUGIN_INTERFACE_KDCPREAUTH, "pkinit",
"preauth");
- k5_plugin_register_dyn(context, PLUGIN_INTERFACE_KDCPREAUTH,
- "encrypted_challenge", "preauth");
+ k5_plugin_register(context, PLUGIN_INTERFACE_KDCPREAUTH,
+ "encrypted_challenge",
+ kdcpreauth_encrypted_challenge_initvt);
if (k5_plugin_load_all(context, PLUGIN_INTERFACE_KDCPREAUTH, &plugins))
return;
/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* plugins/preauth/encrypted_challenge/encrypted_challenge_main.c */
+/* kdc/kdc_preauth_ec.c - Encrypted challenge kdcpreauth module */
/*
* Copyright (C) 2009 by the Massachusetts Institute of Technology.
* All rights reserved.
*/
#include <k5-int.h>
-#include "../fast_factor.h"
-
#include <krb5/preauth_plugin.h>
-
-static int
-preauth_flags(krb5_context context, krb5_preauthtype pa_type)
-{
- return PA_REAL;
-}
-
-static krb5_error_code
-process_preauth(krb5_context context, krb5_clpreauth_moddata moddata,
- krb5_clpreauth_modreq modreq, krb5_get_init_creds_opt *opt,
- krb5_clpreauth_get_data_fn get_data_proc,
- krb5_clpreauth_rock rock, krb5_kdc_req *request,
- krb5_data *encoded_request_body,
- krb5_data *encoded_previous_request, krb5_pa_data *padata,
- krb5_prompter_fct prompter, void *prompter_data,
- krb5_clpreauth_get_as_key_fn gak_fct, void *gak_data,
- krb5_data *salt, krb5_data *s2kparams, krb5_keyblock *as_key,
- krb5_pa_data ***out_padata)
-{
- krb5_error_code retval = 0;
- krb5_enctype enctype = 0;
- krb5_keyblock *challenge_key = NULL, *armor_key = NULL;
- krb5_data *etype_data = NULL;
- krb5int_access kaccess;
-
- if (krb5int_accessor(&kaccess, KRB5INT_ACCESS_VERSION) != 0)
- return 0;
- retval = fast_get_armor_key(context, get_data_proc, rock, &armor_key);
- if (retval || armor_key == NULL)
- return 0;
- retval = get_data_proc(context, rock, krb5_clpreauth_get_etype,
- &etype_data);
- if (retval == 0) {
- enctype = *((krb5_enctype *)etype_data->data);
- if (as_key->length == 0 ||as_key->enctype != enctype)
- retval = gak_fct(context, request->client,
- enctype, prompter, prompter_data,
- salt, s2kparams,
- as_key, gak_data);
- }
- if (retval == 0 && padata->length) {
- krb5_enc_data *enc = NULL;
- krb5_data scratch;
- scratch.length = padata->length;
- scratch.data = (char *) padata->contents;
- retval = krb5_c_fx_cf2_simple(context,armor_key, "kdcchallengearmor",
- as_key, "challengelongterm",
- &challenge_key);
- if (retval == 0)
- retval =kaccess.decode_enc_data(&scratch, &enc);
- scratch.data = NULL;
- if (retval == 0) {
- scratch.data = malloc(enc->ciphertext.length);
- scratch.length = enc->ciphertext.length;
- if (scratch.data == NULL)
- retval = ENOMEM;
- }
- if (retval == 0)
- retval = krb5_c_decrypt(context, challenge_key,
- KRB5_KEYUSAGE_ENC_CHALLENGE_KDC, NULL,
- enc, &scratch);
- /*
- * Per draft 11 of the preauth framework, the client MAY but is not
- * required to actually check the timestamp from the KDC other than to
- * confirm it decrypts. This code does not perform that check.
- */
- if (scratch.data)
- krb5_free_data_contents(context, &scratch);
- if (retval == 0)
- fast_set_kdc_verified(context, get_data_proc, rock);
- if (enc)
- kaccess.free_enc_data(context, enc);
- } else if (retval == 0) { /*No padata; we send*/
- krb5_enc_data enc;
- krb5_pa_data *pa = NULL;
- krb5_pa_data **pa_array = NULL;
- krb5_data *encoded_ts = NULL;
- krb5_pa_enc_ts ts;
- enc.ciphertext.data = NULL;
- retval = krb5_us_timeofday(context, &ts.patimestamp, &ts.pausec);
- if (retval == 0)
- retval = kaccess.encode_enc_ts(&ts, &encoded_ts);
- if (retval == 0)
- retval = krb5_c_fx_cf2_simple(context,
- armor_key, "clientchallengearmor",
- as_key, "challengelongterm",
- &challenge_key);
- if (retval == 0)
- retval = kaccess.encrypt_helper(context, challenge_key,
- KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT,
- encoded_ts, &enc);
- if (encoded_ts)
- krb5_free_data(context, encoded_ts);
- encoded_ts = NULL;
- if (retval == 0) {
- retval = kaccess.encode_enc_data(&enc, &encoded_ts);
- krb5_free_data_contents(context, &enc.ciphertext);
- }
- if (retval == 0) {
- pa = calloc(1, sizeof(krb5_pa_data));
- if (pa == NULL)
- retval = ENOMEM;
- }
- if (retval == 0) {
- pa_array = calloc(2, sizeof(krb5_pa_data *));
- if (pa_array == NULL)
- retval = ENOMEM;
- }
- if (retval == 0) {
- pa->length = encoded_ts->length;
- pa->contents = (unsigned char *) encoded_ts->data;
- pa->pa_type = KRB5_PADATA_ENCRYPTED_CHALLENGE;
- free(encoded_ts);
- encoded_ts = NULL;
- pa_array[0] = pa;
- pa = NULL;
- *out_padata = pa_array;
- pa_array = NULL;
- }
- if (pa)
- free(pa);
- if (encoded_ts)
- krb5_free_data(context, encoded_ts);
- if (pa_array)
- free(pa_array);
- }
- if (challenge_key)
- krb5_free_keyblock(context, challenge_key);
- if (armor_key)
- krb5_free_keyblock(context, armor_key);
- if (etype_data != NULL)
- get_data_proc(context, rock, krb5_clpreauth_free_etype, &etype_data);
- return retval;
-}
-
+#include "fast_factor.h"
+#include "kdc_util.h"
static krb5_error_code
kdc_include_padata(krb5_context context, krb5_kdc_req *request,
krb5_preauthtype supported_pa_types[] = {
KRB5_PADATA_ENCRYPTED_CHALLENGE, 0};
-krb5_error_code
-kdcpreauth_encrypted_challenge_initvt(krb5_context context, int maj_ver,
- int min_ver, krb5_plugin_vtable vtable);
-krb5_error_code
-clpreauth_encrypted_challenge_initvt(krb5_context context, int maj_ver,
- int min_ver, krb5_plugin_vtable vtable);
-
krb5_error_code
kdcpreauth_encrypted_challenge_initvt(krb5_context context, int maj_ver,
int min_ver, krb5_plugin_vtable vtable)
vt->return_padata = kdc_return_preauth;
return 0;
}
-
-krb5_error_code
-clpreauth_encrypted_challenge_initvt(krb5_context context, int maj_ver,
- int min_ver, krb5_plugin_vtable vtable)
-{
- krb5_clpreauth_vtable vt;
-
- if (maj_ver != 1)
- return KRB5_PLUGIN_VER_NOTSUPP;
- vt = (krb5_clpreauth_vtable)vtable;
- vt->name = "encrypted_challenge";
- vt->pa_type_list = supported_pa_types;
- vt->flags = preauth_flags;
- vt->process = process_preauth;
- return 0;
-}
krb5_pa_data ***out_padata,
krb5_boolean copy);
+/* kdc_preauth_ec.c */
+krb5_error_code
+kdcpreauth_encrypted_challenge_initvt(krb5_context context, int maj_ver,
+ int min_ver, krb5_plugin_vtable vtable);
+
/* kdc_authdata.c */
krb5_error_code
load_authdata_plugins(krb5_context context);
plugin.o \
pr_to_salt.o \
preauth2.o \
+ preauth_ec.o \
gic_opt_set_pa.o \
princ_comp.o \
privsafe.o \
$(OUTPRE)plugin.$(OBJEXT) \
$(OUTPRE)pr_to_salt.$(OBJEXT) \
$(OUTPRE)preauth2.$(OBJEXT) \
+ $(OUTPRE)preauth_ec.$(OBJEXT) \
$(OUTPRE)gic_opt_set_pa.$(OBJEXT) \
$(OUTPRE)princ_comp.$(OBJEXT) \
$(OUTPRE)privsafe.$(OBJEXT) \
$(srcdir)/plugin.c \
$(srcdir)/pr_to_salt.c \
$(srcdir)/preauth2.c \
+ $(srcdir)/preauth_ec.c \
$(srcdir)/gic_opt_set_pa.c \
$(srcdir)/princ_comp.c \
$(srcdir)/privsafe.c \
const char *attr,
const char *value);
+krb5_error_code
+clpreauth_encrypted_challenge_initvt(krb5_context context, int maj_ver,
+ int min_ver, krb5_plugin_vtable vtable);
+
krb5_error_code
krb5int_construct_matching_creds(krb5_context context, krb5_flags options,
krb5_creds *in_creds, krb5_creds *mcreds,
if (kcontext->preauth_context != NULL)
return;
- /* Auto-register pkinit and encrypted challenge if possible. */
+ /* Auto-register encrypted challenge and (if possible) pkinit. */
k5_plugin_register_dyn(kcontext, PLUGIN_INTERFACE_CLPREAUTH, "pkinit",
"preauth");
- k5_plugin_register_dyn(kcontext, PLUGIN_INTERFACE_CLPREAUTH,
- "encrypted_challenge", "preauth");
+ k5_plugin_register(kcontext, PLUGIN_INTERFACE_CLPREAUTH,
+ "encrypted_challenge",
+ clpreauth_encrypted_challenge_initvt);
/* Get all available clpreauth vtables. */
if (k5_plugin_load_all(kcontext, PLUGIN_INTERFACE_CLPREAUTH, &plugins))
--- /dev/null
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/preauth_ec.c - Encrypted Challenge clpreauth module */
+/*
+ * Copyright (C) 2009, 2011 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Implement Encrypted Challenge fast factor from
+ * draft-ietf-krb-wg-preauth-framework
+ */
+
+#include <k5-int.h>
+#include <krb5/preauth_plugin.h>
+#include "fast_factor.h"
+#include "int-proto.h"
+
+static int
+preauth_flags(krb5_context context, krb5_preauthtype pa_type)
+{
+ return PA_REAL;
+}
+
+static krb5_error_code
+process_preauth(krb5_context context, krb5_clpreauth_moddata moddata,
+ krb5_clpreauth_modreq modreq, krb5_get_init_creds_opt *opt,
+ krb5_clpreauth_get_data_fn get_data_proc,
+ krb5_clpreauth_rock rock, krb5_kdc_req *request,
+ krb5_data *encoded_request_body,
+ krb5_data *encoded_previous_request, krb5_pa_data *padata,
+ krb5_prompter_fct prompter, void *prompter_data,
+ krb5_clpreauth_get_as_key_fn gak_fct, void *gak_data,
+ krb5_data *salt, krb5_data *s2kparams, krb5_keyblock *as_key,
+ krb5_pa_data ***out_padata)
+{
+ krb5_error_code retval = 0;
+ krb5_enctype enctype = 0;
+ krb5_keyblock *challenge_key = NULL, *armor_key = NULL;
+ krb5_data *etype_data = NULL;
+ krb5int_access kaccess;
+
+ if (krb5int_accessor(&kaccess, KRB5INT_ACCESS_VERSION) != 0)
+ return 0;
+ retval = fast_get_armor_key(context, get_data_proc, rock, &armor_key);
+ if (retval || armor_key == NULL)
+ return 0;
+ retval = get_data_proc(context, rock, krb5_clpreauth_get_etype,
+ &etype_data);
+ if (retval == 0) {
+ enctype = *((krb5_enctype *)etype_data->data);
+ if (as_key->length == 0 ||as_key->enctype != enctype)
+ retval = gak_fct(context, request->client,
+ enctype, prompter, prompter_data,
+ salt, s2kparams,
+ as_key, gak_data);
+ }
+ if (retval == 0 && padata->length) {
+ krb5_enc_data *enc = NULL;
+ krb5_data scratch;
+ scratch.length = padata->length;
+ scratch.data = (char *) padata->contents;
+ retval = krb5_c_fx_cf2_simple(context,armor_key, "kdcchallengearmor",
+ as_key, "challengelongterm",
+ &challenge_key);
+ if (retval == 0)
+ retval =kaccess.decode_enc_data(&scratch, &enc);
+ scratch.data = NULL;
+ if (retval == 0) {
+ scratch.data = malloc(enc->ciphertext.length);
+ scratch.length = enc->ciphertext.length;
+ if (scratch.data == NULL)
+ retval = ENOMEM;
+ }
+ if (retval == 0)
+ retval = krb5_c_decrypt(context, challenge_key,
+ KRB5_KEYUSAGE_ENC_CHALLENGE_KDC, NULL,
+ enc, &scratch);
+ /*
+ * Per draft 11 of the preauth framework, the client MAY but is not
+ * required to actually check the timestamp from the KDC other than to
+ * confirm it decrypts. This code does not perform that check.
+ */
+ if (scratch.data)
+ krb5_free_data_contents(context, &scratch);
+ if (retval == 0)
+ fast_set_kdc_verified(context, get_data_proc, rock);
+ if (enc)
+ kaccess.free_enc_data(context, enc);
+ } else if (retval == 0) { /*No padata; we send*/
+ krb5_enc_data enc;
+ krb5_pa_data *pa = NULL;
+ krb5_pa_data **pa_array = NULL;
+ krb5_data *encoded_ts = NULL;
+ krb5_pa_enc_ts ts;
+ enc.ciphertext.data = NULL;
+ retval = krb5_us_timeofday(context, &ts.patimestamp, &ts.pausec);
+ if (retval == 0)
+ retval = kaccess.encode_enc_ts(&ts, &encoded_ts);
+ if (retval == 0)
+ retval = krb5_c_fx_cf2_simple(context,
+ armor_key, "clientchallengearmor",
+ as_key, "challengelongterm",
+ &challenge_key);
+ if (retval == 0)
+ retval = kaccess.encrypt_helper(context, challenge_key,
+ KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT,
+ encoded_ts, &enc);
+ if (encoded_ts)
+ krb5_free_data(context, encoded_ts);
+ encoded_ts = NULL;
+ if (retval == 0) {
+ retval = kaccess.encode_enc_data(&enc, &encoded_ts);
+ krb5_free_data_contents(context, &enc.ciphertext);
+ }
+ if (retval == 0) {
+ pa = calloc(1, sizeof(krb5_pa_data));
+ if (pa == NULL)
+ retval = ENOMEM;
+ }
+ if (retval == 0) {
+ pa_array = calloc(2, sizeof(krb5_pa_data *));
+ if (pa_array == NULL)
+ retval = ENOMEM;
+ }
+ if (retval == 0) {
+ pa->length = encoded_ts->length;
+ pa->contents = (unsigned char *) encoded_ts->data;
+ pa->pa_type = KRB5_PADATA_ENCRYPTED_CHALLENGE;
+ free(encoded_ts);
+ encoded_ts = NULL;
+ pa_array[0] = pa;
+ pa = NULL;
+ *out_padata = pa_array;
+ pa_array = NULL;
+ }
+ if (pa)
+ free(pa);
+ if (encoded_ts)
+ krb5_free_data(context, encoded_ts);
+ if (pa_array)
+ free(pa_array);
+ }
+ if (challenge_key)
+ krb5_free_keyblock(context, challenge_key);
+ if (armor_key)
+ krb5_free_keyblock(context, armor_key);
+ if (etype_data != NULL)
+ get_data_proc(context, rock, krb5_clpreauth_free_etype, &etype_data);
+ return retval;
+}
+
+
+krb5_preauthtype supported_pa_types[] = {
+ KRB5_PADATA_ENCRYPTED_CHALLENGE, 0};
+
+krb5_error_code
+clpreauth_encrypted_challenge_initvt(krb5_context context, int maj_ver,
+ int min_ver, krb5_plugin_vtable vtable)
+{
+ krb5_clpreauth_vtable vt;
+
+ if (maj_ver != 1)
+ return KRB5_PLUGIN_VER_NOTSUPP;
+ vt = (krb5_clpreauth_vtable)vtable;
+ vt->name = "encrypted_challenge";
+ vt->pa_type_list = supported_pa_types;
+ vt->flags = preauth_flags;
+ vt->process = process_preauth;
+ return 0;
+}
+++ /dev/null
-mydir=plugins$(S)preauth$(S)encrypted_challenge
-BUILDTOP=$(REL)..$(S)..$(S)..
-KRB5_RUN_ENV = @KRB5_RUN_ENV@
-KRB5_CONFIG_SETUP = KRB5_CONFIG=$(top_srcdir)/config-files/krb5.conf ; export KRB5_CONFIG ;
-PROG_LIBPATH=-L$(TOPLIBD)
-PROG_RPATH=$(KRB5_LIBDIR)
-MODULE_INSTALL_DIR = $(KRB5_PA_MODULE_DIR)
-DEFS=@DEFS@
-
-LOCALINCLUDES = -I../../../include/krb5 -I.
-
-LIBBASE=encrypted_challenge
-LIBMAJOR=0
-LIBMINOR=0
-SO_EXT=.so
-RELDIR=../plugins/preauth/encrypted_challenge
-# Depends on libk5crypto and libkrb5
-SHLIB_EXPDEPS = \
- $(TOPLIBD)/libk5crypto$(SHLIBEXT) \
- $(TOPLIBD)/libkrb5$(SHLIBEXT)
-SHLIB_EXPLIBS= -lkrb5 -lcom_err -lk5crypto $(SUPPORT_LIB) $(LIBS)
-
-SHLIB_DIRS=-L$(TOPLIBD)
-SHLIB_RDIRS=$(KRB5_LIBDIR)
-STOBJLISTS=OBJS.ST
-STLIBOBJS=encrypted_challenge_main.o
-
-SRCS= $(srcdir)/encrypted_challenge_main.c
-
-all-unix:: all-liblinks
-install-unix:: install-libs
-clean-unix:: clean-libs clean-libobjs
-
-clean::
- $(RM) lib$(LIBBASE)$(SO_EXT)
-
-@libnover_frag@
-@libobj_frag@
-
+++ /dev/null
-#
-# Generated makefile dependencies follow.
-#
-encrypted_challenge_main.so encrypted_challenge_main.po \
- $(OUTPRE)encrypted_challenge_main.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../fast_factor.h \
- $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
- $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
- $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
- $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
- $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
- $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
- $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
- $(top_srcdir)/include/socket-utils.h encrypted_challenge_main.c
+++ /dev/null
-clpreauth_encrypted_challenge_initvt
-kdcpreauth_encrypted_challenge_initvt