Remove the kasetkey client for setting keys in an AFS kaserver

5 files changed, 7 insertions, 762 deletions

diff --git a/Makefile.am b/Makefile.am
index 1465a9b..b647349 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -34,8 +34,7 @@ EXTRA_DIST = LICENSE autogen client/wallet.pod config/allow-extract \
 	config/keytab config/keytab.acl config/wallet docs/design \
 	contrib/README contrib/wallet-report contrib/wallet-report.8 \
 	docs/design-acl docs/design-api docs/netdb-role-api docs/notes \
-	docs/setup examples/stanford.conf kasetkey/README \
-	kasetkey/kasetkey.pod $(PERL_FILES) $(TEST_FILES)
+	docs/setup examples/stanford.conf $(PERL_FILES) $(TEST_FILES)
 
 noinst_LIBRARIES = portable/libportable.a util/libutil.a
 portable_libportable_a_SOURCES = portable/dummy.c portable/macros.h \
@@ -58,15 +57,6 @@ client_wallet_LDADD = util/libutil.a portable/libportable.a $(REMCTL_LIBS) \
 dist_man_MANS = client/wallet.1 server/keytab-backend.8 \
 	server/wallet-admin.8 server/wallet-backend.8
 
-if AFS
-sbin_PROGRAMS = kasetkey/kasetkey
-kasetkey_kasetkey_CPPFLAGS = $(AFS_CPPFLAGS) $(KRB4_CPPFLAGS)
-kasetkey_kasetkey_LDFLAGS = $(AFS_LDFLAGS) $(KRB4_LDFLAGS)
-kasetkey_kasetkey_LDADD = util/libutil.a portable/libportable.a $(AFS_LIBS) \
-	$(KRB4_LIBS)
-dist_man_MANS += kasetkey/kasetkey.8
-endif
-
 $(srcdir)/client/wallet.1: $(srcdir)/client/wallet.pod
 	pod2man --release=$(VERSION) --center="Administrative Commands" \
 	    --section=1 $(srcdir)/client/wallet.pod > $@
@@ -75,10 +65,6 @@ $(srcdir)/contrib/wallet-report.8: $(srcdir)/contrib/wallet-report
 	pod2man --release=$(VERSION) --center="Administrative Commands" \
 	    --section=8 $(srcdir)/contrib/wallet-report > $@
 
-$(srcdir)/kasetkey/kasetkey.8: $(srcdir)/kasetkey/kasetkey.pod
-	pod2man --release=$(VERSION) --center="Administrative Commands" \
-	    --section=8 $(srcdir)/kasetkey/kasetkey.pod > $@
-
 $(srcdir)/server/keytab-backend.8: $(srcdir)/server/keytab-backend
 	pod2man --release=$(VERSION) --center="Administrative Commands" \
 	    --section=8 $(srcdir)/server/keytab-backend > $@
@@ -104,10 +90,10 @@ warnings:
 
 # Remove some additional files.
 DISTCLEANFILES = perl/Makefile
-MAINTAINERCLEANFILES = Makefile.in aclocal.m4 config.h.in config.h.in~ \
-	configure client/wallet.1 kasetkey/kasetkey.8 \
-	server/keytab-backend.8	server/wallet-backend.8 tools/compile \
-	tools/depcomp tools/install-sh tools/missing
+MAINTAINERCLEANFILES = Makefile.in aclocal.m4 config.h.in config.h.in~	     \
+	configure client/wallet.1 server/keytab-backend.8		     \
+	server/wallet-backend.8 tools/compile tools/depcomp tools/install-sh \
+	tools/missing
 
 # Take appropriate actions in the Perl directory as well.  We don't want to
 # always build the Perl directory in all-local, since otherwise Automake does
diff --git a/NEWS b/NEWS
index c6b3a9d..60c0945 100644
--- a/NEWS
+++ b/NEWS
@@ -16,6 +16,8 @@ wallet 0.10 (unreleased)
     deploying Heimdal with its internal kaserver compatibility is probably
     an easier transition approach.
 
+    Remove the kasetkey client for setting keys in an AFS kaserver.
+
     Correctly handle storing of data that begins with a dash and don't
     parse it as an argument to wallet-backend.
 
diff --git a/kasetkey/README b/kasetkey/README
deleted file mode 100644
index 3ead85d..0000000
--- a/kasetkey/README
+++ /dev/null
@@ -1,13 +0,0 @@
-This program used to be called gen_srvtab and was the backend used by the
-old sysctl-based srvtab distribution system.  It can either load a key
-from a srvtab and push it into the AFS kaserver or generate a random key,
-push it into the AFS kaserver, and then write it out as a srvtab.  It has
-a lot of strange issues (such as deleting and then recreating keys rather
-than changing the key and incrementing the kvno), but it works.
-
-This program only works with the AFS kaserver and requires the AFS
-libraries to compile.
-
-I haven't yet done the work to make compilation optional based on whether
-one wants to build kaserver support (or worked out how that will be
-configured in general).  That's for later.
diff --git a/kasetkey/kasetkey.c b/kasetkey/kasetkey.c
deleted file mode 100644
index b798680..0000000
--- a/kasetkey/kasetkey.c
+++ /dev/null
@@ -1,582 +0,0 @@
-/*
- * Create or change a principal and/or generate a srvtab.
- *
- * Sets the key of a principal in the AFS kaserver given a srvtab, enables or
- * disables a principal, or displays information about a principal in an AFS
- * kaserver.
- *
- * Written by Roland Schemers <schemers@stanford.edu>
- * Updated by Russ Allbery <rra@stanford.edu>
- * Updated again by Anton Ushakov  <antonu@stanford.edu>
- * Copyright 1994, 1998, 1999, 2000, 2006, 2007, 2008
- *     Board of Trustees, Leland Stanford Jr. University
- *
- * See LICENSE for licensing terms.
- */
-
-#include <config.h>
-#include <portable/system.h>
-
-#include <errno.h>
-#include <fcntl.h>
-#include <sys/stat.h>
-
-#ifdef HAVE_KERBEROSIV_KRB_H
-# include <kerberosIV/krb.h>
-#else
-# include <krb.h>
-#endif
-
-#include <afs/stds.h>
-#include <afs/kauth.h>
-#include <afs/kautils.h>
-#include <afs/cellconfig.h>
-#include <ubik.h>
-
-#include <util/util.h>
-
-/* Normally set by the AFS libraries. */
-#ifndef SNAME_SZ
-# define SNAME_SZ       40
-# define INST_SZ        40
-# define REALM_SZ       40
-#endif
-
-/*
- * AFS currently doesn't prototype this function.  Cheat on the first argument
- * since it actually takes a function with a completely variable argument
- * list.
- */
-#if !HAVE_DECL_UBIK_CALL
-afs_int32 ubik_Call(void *, struct ubik_client *, afs_int32, ...);
-#endif
-
-/* The name of the program, for error reporting. */
-static const char *program = NULL;
-
-/* Some global state information. */
-struct config {
-    char *local_cell;
-    int debug;                  /* Whether to enable debugging. */
-    int init;                   /* Keyfile initialization. */
-    int random;                 /* Randomize the key. */
-    int tgs;                    /* Enable the principal. */
-    int notgs;                  /* Disable the princial. */
-    char *keyfile;              /* Name of srvtab to use. */
-    char *admin;                /* Name of ADMIN user to use. */
-    char *password;             /* Password to use. */
-    char *srvtab;               /* srvtab file to generate. */
-    char *service;              /* Principal to create/enable. */
-    char *delete;               /* Principal to delete. */
-    char *examine;              /* Principal to examine. */
-    char *k5srvtab;             /* K5 converted srvtab to read for key. */
-};
-
-/* Usage message.  Pass in the program name four times. */
-static const char usage_message[] = "\
-Usage: %s [options]\n\
-  -a adminuser     Admin user\n\
-  -c k5srvtab      Use the key from the given srvtab (for sync w/ K5)\n\
-  -D service       Name of service to delete\n\
-  -d               Turn on debugging\n\
-  -e principal     Examine the given principal\n\
-  -f srvtab        Name of srvtab file to create\n\
-  -h               This help\n\
-  -i               Initialize DES key file\n\
-  -k keyfile       File containing srvtab for admin user\n\
-  -n               Set the principal NOTGS\n\
-  -p password      Use given password to create key\n\
-  -r               Use random key\n\
-  -s service       Name of service to create\n\
-  -t               Set the principal TGS\n\
-  -v               Print version\n\
-\n\
-To create a srvtab for rcmd.slapshot and be prompted for the admin\n\
-passowrd:\n\
-\n\
-    %s -f srvtab.rcmd.slapshot -s rcmd.slapshot -r\n\
-\n\
-To create a srvtab from within a script you must stash the DES key\n\
-in a srvtab with:\n\
-\n\
-    %s -a admin -i -k /.adminkey\n\
-\n\
-and then create a srvtab for rcmd.slapshot with:\n\
-\n\
-    %s -k /.adminkey -a admin -r -f srvtab -s rcmd.slapshot\n\
-\n";
-
-
-/*
- * Print out the usage message and then exit with the status given as the only
- * argument.  If status is zero, the message is printed to standard output;
- * otherwise, it is sent to standard error.
- */
-static void
-usage(int status)
-{
-    if (program == NULL)
-        program = "";
-    fprintf((status == 0) ? stdout : stderr, usage_message,
-            program, program, program, program);
-    exit(status);
-}
-
-
-/*
- * Parse a principal name into name, inst, and cell, filling in the cell from
- * local_cell if none was given.  cell here is actually a realm and shouldn't
- * need any further conversion.
- */
-static void
-parse_principal(struct config *config, char *principal, char *name,
-                char *inst, char *cell)
-{
-    long code;
-    int local;
-
-    code = ka_ParseLoginName(principal, name, inst, cell);
-    if (config->debug)
-        printf("ka_ParseLoginName %ld\n", code);
-    if (code != 0)
-        die("can't parse principal %s", principal);
-    if (cell[0] == '\0') {
-        if (ka_CellToRealm(config->local_cell, cell, &local) == KANOCELL)
-            die("unable to determine realm from local cell");
-    }
-}
-
-
-/*
- * Given a srvtab file name, the principal, the kvno, and the key, write out a
- * new srvtab file.  Dies on any error.
- */
-static void
-write_srvtab(const char *filename, const char *name, const char *inst,
-             char *cell, unsigned char kvno, struct ktc_encryptionKey *key)
-{
-    int fd;
-
-    fd = open(filename, O_WRONLY | O_CREAT, 0600);
-    if (fd == -1)
-        sysdie("can't create srvtab %s", filename);
-    if (write(fd, name, strlen(name) + 1) != (ssize_t) strlen(name) + 1)
-        sysdie("can't write to srvtab %s", filename);
-    if (write(fd, inst, strlen(inst) + 1) != (ssize_t) strlen(inst) + 1)
-        sysdie("can't write to srvtab %s", filename);
-    if (write(fd, cell, strlen(cell) + 1) != (ssize_t) strlen(cell) + 1)
-        sysdie("can't write to srvtab %s", filename);
-    if (write(fd, &kvno, 1) != 1)
-        sysdie("can't write to srvtab %s", filename);
-    if (write(fd, key, sizeof(*key)) != sizeof(*key))
-        sysdie("can't write to srvtab %s", filename);
-    if (close(fd) != 0)
-        sysdie("can't close srvtab %s", filename);
-}
-
-
-/*
- * Initialize a DES keyfile from a password.  If the password wasn't given via
- * a command-line option, prompt for it.
- */
-static void
-initialize_admin_srvtab(struct config *config)
-{
-    struct ktc_encryptionKey key;
-    char name[MAXKTCNAMELEN];
-    char inst[MAXKTCNAMELEN];
-    char cell[MAXKTCNAMELEN];
-    long code;
-
-    if (config->keyfile == NULL || config->admin == NULL)
-        usage(1);
-
-    /* Get the password, one way or another. */
-    parse_principal(config, config->admin, name, inst, cell);
-    if (config->password != NULL) {
-        ka_StringToKey(config->password, cell, &key);
-        memset(config->password, 0, strlen(config->password));
-    } else {
-        char buffer[MAXKTCNAMELEN * 3 + 40];
-
-        sprintf(buffer,"password for %s: ", config->admin);
-        code = ka_ReadPassword(buffer, 1, cell, &key);
-        if (code != 0)
-            die("can't read password");
-    }
-
-    /* Create the admin srvtab, removing any old one if one exists. */
-    unlink(config->keyfile);
-    write_srvtab(config->keyfile, name, inst, cell, 0, &key);
-    exit(0);
-}
-
-
-/*
- * Takes the configuration struct and obtains an admin token, which it stores
- * in the second parameter.  Dies on any failure.
- */
-static void
-authenticate(struct config *config, struct ktc_token *token)
-{
-    char name[MAXKTCNAMELEN];
-    char inst[MAXKTCNAMELEN];
-    char cell[MAXKTCNAMELEN];
-    long code;
-    struct ktc_encryptionKey key;
-
-    /* Get the admin password one way or the other. */
-    parse_principal(config, config->admin, name, inst, cell);
-    if (config->keyfile) {
-        code = read_service_key(name, inst, cell, 0, config->keyfile,
-                                (char *) &key);
-        if (config->debug)
-            printf("read_service_key %ld\n", code);
-        if (code != 0)
-            die("can't get key for %s.%s@%s from srvtab %s", name, inst,
-                cell, config->keyfile);
-    } else {
-        char buffer[MAXKTCNAMELEN * 3 + 40];
-
-        sprintf(buffer, "password for %s: ", config->admin);
-        code = ka_ReadPassword(buffer, 0, cell, &key);
-        if (code)
-            die("can't read password");
-    }
-
-    /* Now, get the admin token. */
-    code = ka_GetAdminToken(name, inst, cell, &key, 300, token, 1);
-    memset(&key, 0, sizeof(key));
-    if (config->debug)
-        printf("ka_GetAdminToken %ld\n", code);
-    if (code != 0)
-        die("can't get admin token");
-}
-
-
-/*
- * Delete a principal out of the AFS kaserver.
- */
-static void
-delete_principal(struct config *config)
-{
-    struct ktc_token token;
-    struct ubik_client *conn;
-    char name[MAXKTCNAMELEN];
-    char inst[MAXKTCNAMELEN];
-    char cell[MAXKTCNAMELEN];
-    long code;
-
-    /* Make connection to AuthServer. */
-    authenticate(config, &token);
-    parse_principal(config, config->delete, name, inst, cell);
-    code = ka_AuthServerConn(cell, KA_MAINTENANCE_SERVICE, &token, &conn);
-    if (config->debug)
-        printf("ka_AuthServerConn %s %ld\n", cell, code);
-    if (code != 0)
-        die("can't make connection to auth server");
-
-    /* Delete the user. */
-    code = ubik_Call(KAM_DeleteUser, conn, 0, name, inst);
-    if (config->debug)
-        printf("ubik_Call KAM_DeleteUser %ld\n", code);
-    if (code != 0 && code != KANOENT)
-        die("can't delete existing instance");
-    code = ubik_ClientDestroy(conn);
-    exit(0);
-}
-
-
-/*
- * Format a date.  The output format expects ctime-style date formatting, so
- * we use that.  Takes a buffer into which to put the date.  There will be a
- * trailing newline.
- */
-static void
-format_date(char *buffer, size_t size, time_t date)
-{
-    if (date == (time_t) NEVERDATE)
-        strlcpy(buffer, "never\n", size);
-    else
-        strlcpy(buffer, ctime(&date), size);
-}
-
-
-/*
- * Enable or disable a principal in the AFS kaserver (by setting or clearing
- * the NOTGS flag).  The second argument says to enable if it's true, disable
- * otherwise.
- */
-static void
-enable_principal(struct config *config, int enable)
-{
-    struct ktc_token token;
-    struct ubik_client *conn;
-    struct kaentryinfo entry;
-    char name[MAXKTCNAMELEN];
-    char inst[MAXKTCNAMELEN];
-    char cell[MAXKTCNAMELEN];
-    long code;
-
-    /* Make connection to AuthServer. */
-    authenticate(config, &token);
-    parse_principal(config, config->service, name, inst, cell);
-    code = ka_AuthServerConn(cell, KA_MAINTENANCE_SERVICE, &token, &conn);
-    if (config->debug)
-        printf("ka_AuthServerConn %s %ld\n", cell, code);
-    if (code != 0)
-        die("can't make connection to auth server");
-
-    /* Retrieve the principal information. */
-    code = ubik_Call(KAM_GetEntry, conn, 0, name, inst, KAMAJORVERSION,
-                     &entry);
-    if (config->debug)
-        printf("ubik_Call KAM_GetEntry %ld\n", code);
-    if (code != 0)
-        die("can't retrieve current flags");
-
-    /* Set the flags. */
-    if (enable)
-        entry.flags &= ~KAFNOTGS;
-    else
-        entry.flags |= KAFNOTGS;
-    code = ubik_Call(KAM_SetFields, conn, 0, name, inst, entry.flags, 0, 0,
-                     -1, 0, 0);
-    if (config->debug)
-        printf("ubik_Call KAM_SetFields %ld\n", code);
-    if (code != 0)
-        die("can't %s principal", enable ? "enable" : "disable");
-    code = ubik_ClientDestroy(conn);
-    exit(0);
-}
-
-
-/*
- * Examine a principal.  The output format is compatible with the old Stanford
- * Kerberos v4 kadmin, which may be compatible with Kerberos v4 kadmin in
- * general (I haven't checked).
- */
-static void
-examine_principal(struct config *config)
-{
-    struct ktc_token token;
-    struct ubik_client *conn;
-    struct kaentryinfo entry;
-    char name[MAXKTCNAMELEN];
-    char inst[MAXKTCNAMELEN];
-    char cell[MAXKTCNAMELEN];
-    long code;
-    char edate[64], cdate[64], mdate[64];
-
-    /* Make connection to AuthServer. */
-    authenticate(config, &token);
-    parse_principal(config, config->examine, name, inst, cell);
-    code = ka_AuthServerConn(cell, KA_MAINTENANCE_SERVICE, &token, &conn);
-    if (config->debug)
-        printf("ka_AuthServerConn %s %ld\n", cell, code);
-    if (code != 0)
-        die("can't make connection to auth server");
-
-    /* Retrieve and format the entry. */
-    code = ubik_Call(KAM_GetEntry, conn, 0, name, inst, KAMAJORVERSION,
-                     &entry);
-    if (config->debug)
-        printf("ubik_Call KAM_GetEntry %ld\n", code);
-    if (code != 0) {
-        if (code == KANOENT)
-            die("no such entry in the database");
-        else
-            die("can't retrieve principal information");
-    }
-    format_date(edate, sizeof(edate), entry.user_expiration);
-    format_date(mdate, sizeof(cdate), entry.modification_time);
-    format_date(cdate, sizeof(mdate), entry.change_password_time);
-    printf("status: %s\n", (entry.flags & KAFNOTGS) ? "disabled" : "enabled");
-    printf("account expiration: %s", edate);
-    printf("password last changed: %s", cdate);
-    printf("modification time: %s", mdate);
-    printf("modified by: %s%s%s\n", entry.modification_user.name,
-           (entry.modification_user.instance[0] != '\0') ? "." : "",
-           entry.modification_user.instance);
-    code = ubik_ClientDestroy(conn);
-    exit(0);
-}
-
-
-/*
- * Create a new principal in the AFS kaserver (deleting it and recreating it
- * if it already exists) with either the indicated key or with a random key,
- * and then write out a srvtab for that principal.  Also supported is reading
- * the key from an existing srvtab (likely created via Kerberos v5 kadmin from
- * a keytab).
- */
-static void
-generate_srvtab(struct config *config)
-{
-    struct ktc_token token;
-    struct ubik_client *conn;
-    char name[MAXKTCNAMELEN];
-    char inst[MAXKTCNAMELEN];
-    char cell[MAXKTCNAMELEN];
-    long code;
-    struct ktc_encryptionKey key;
-
-    /* Make connection to AuthServer. */
-    authenticate(config, &token);
-    parse_principal(config, config->service, name, inst, cell);
-    code = ka_AuthServerConn(cell, KA_MAINTENANCE_SERVICE, &token, &conn);
-    if (config->debug)
-        printf("ka_AuthServerConn %s %ld\n", cell, code);
-    if (code != 0)
-        die("can't make connection to auth server");
-
-    /* Get the key for the principal we're creating. */
-    if (config->k5srvtab != NULL) { 
-        char buffer[SNAME_SZ * 4];
-        char *p;
-        char sname[SNAME_SZ];
-        char sinst[INST_SZ];
-        char srealm[REALM_SZ];
-        unsigned char kvno;
-        FILE *srvtab;
-
-        /* Read the whole converted srvtab into memory. */
-        srvtab = fopen(config->k5srvtab, "r");
-        if (srvtab == NULL)
-            sysdie("can't open converted srvtab %s", config->k5srvtab);
-        if (fgets(buffer, sizeof(buffer), srvtab) == NULL)
-            sysdie("can't read converted srvtab %s", config->k5srvtab);
-        fclose(srvtab);
-
-        /* Now parse it.  Fields are delimited by NUL. */
-        p = buffer;
-        strncpy(sname, p, SNAME_SZ - 1);
-        sname[sizeof(sname) - 1] = '\0';
-        p += strlen(sname) + 1;
-        strncpy(sinst, p, INST_SZ - 1);
-        sinst[sizeof(sinst) - 1] = '\0';
-        p += strlen(sinst) + 1;
-        strncpy(srealm, p, REALM_SZ - 1);
-        srealm[sizeof(srealm) - 1] = '\0';
-        p += strlen(srealm) + 1;
-        memcpy(&kvno, p, sizeof(unsigned char));
-        p += sizeof(unsigned char);
-        memcpy(key.data, p, sizeof(key));
-        memset(buffer, 0, sizeof(buffer));
-    } else if (config->random) {
-        code = ubik_Call(KAM_GetRandomKey, conn, 0, &key);
-        if (config->debug)
-            printf("ubik_Call KAM_GetRandomKey %ld\n", code);
-        if (code != 0)
-            die("can't get random key");
-    } else {
-        code = ka_ReadPassword((char *) "service password: ", 1, cell, &key);
-        if (code != 0)
-            die("can't read password");
-    }
-
-    /*
-     * Now, we have the key.  Try to create the principal.  If it already
-     * exists, try deleting it first and then creating it again.
-     */
-    code = ubik_Call(KAM_CreateUser, conn, 0, name, inst, key);
-    if (config->debug)
-        printf("ubik_Call KAM_CreateUser %ld\n", code);
-    if (code == KAEXIST) {
-        code = ubik_Call(KAM_DeleteUser, conn, 0, name, inst);
-        if (config->debug)
-            printf("ubik_Call KAM_DeleteUser %ld\n", code);
-        if (code != 0)
-            die("can't delete existing instance");
-        code = ubik_Call(KAM_CreateUser, conn, 0, name, inst, key);
-        if (config->debug)
-            printf("ubik_Call KAM_CreateUser %ld\n", code);
-    }
-    if (code != 0)
-        die("can't create user");
-    code = ubik_ClientDestroy (conn);
-
-    /* Create the srvtab file.  Don't bother if we have a converted one. */
-    if (config->srvtab && !config->k5srvtab) {
-        unsigned char kvno = 0;
-
-        /* Make a backup copy of any existing one, just in case. */
-        if (access(config->srvtab, F_OK) == 0) {
-            char backup[MAXPATHLEN];
-
-            snprintf(backup, sizeof(backup), "%s.bak", config->srvtab);
-            if (rename(config->srvtab, backup) != 0)
-                sysdie("can't create backup srvtab %s", backup);
-        }
-        write_srvtab(config->srvtab, name, inst, cell, kvno, &key);
-    }
-    memset(&key, 0, sizeof(key));
-    exit(0);
-}
-
-
-int
-main(int argc, char *argv[])
-{
-    long code;
-    int opt;
-    struct config config;
- 
-    /* Initialize, get our local cell, etc. */
-    memset(&config, 0, sizeof(config));
-    code = ka_Init(0);
-    config.local_cell = ka_LocalCell();
-    if (config.local_cell == NULL || code != 0)
-        die("can't initialize");
-
-    /* Parse options. */
-    while ((opt = getopt(argc, argv, "a:c:D:de:f:hik:np:rs:tv")) != EOF) {
-        switch (opt) {
-        case 'a': config.admin = optarg;        break;
-        case 'c': config.k5srvtab = optarg;     break;
-        case 'D': config.delete = optarg;       break;
-        case 'd': config.debug = 1;             break;
-        case 'e': config.examine = optarg;      break;
-        case 'f': config.srvtab = optarg;       break;
-        case 'i': config.init = 1;              break;
-        case 'k': config.keyfile = optarg;      break;
-        case 'n': config.notgs = 1;             break;
-        case 'p': config.password = optarg;     break;
-        case 'r': config.random = 1;            break;
-        case 's': config.service = optarg;      break;
-        case 't': config.tgs = 1;               break;
-
-        /* Usage doesn't return. */
-        case 'h':
-            usage(0);
-        case 'v':
-            printf("kasetkey %s\n", PACKAGE_VERSION);
-            exit(0);
-        default:
-            usage(1);
-        }
-    }
-
-    /* Take the right action. */
-    if (config.random && config.k5srvtab)
-        usage(1);
-    if (config.notgs && config.tgs)
-        die("cannot set principal both TGS and NOTGS at the same time");
-    if ((config.notgs || config.tgs) && config.service == NULL)
-        die("must specify a principal with -s");
-    if (config.debug)
-        fprintf(stdout, "cell: %s\n", config.local_cell);
-    if (config.init)
-        initialize_admin_srvtab(&config);
-    else if (config.tgs || config.notgs)
-        enable_principal(&config, config.tgs);
-    else if (config.examine != NULL)
-        examine_principal(&config);
-    else if (config.service != NULL)
-        generate_srvtab(&config);
-    else if (config.delete != NULL)
-        delete_principal(&config);
-    else
-        usage(1);
-    exit(0);
-}
diff --git a/kasetkey/kasetkey.pod b/kasetkey/kasetkey.pod
deleted file mode 100644
index dcaa8b4..0000000
--- a/kasetkey/kasetkey.pod
+++ /dev/null
@@ -1,148 +0,0 @@
-=head1 NAME
-
-kasetkey - Manipulate AFS kaserver service principal keys
-
-=head1 SYNOPSIS
-
-B<kasetkey> [B<-dhv>] B<-a> I<admin> B<-i> [B<-p> I<password>]
-    B<-k> I<keyfile>
-
-B<kasetkey> [B<-dhv>] B<-a> I<admin> [B<-k> I<keyfile>] B<-D> I<service>
-
-B<kasetkey> [B<-dhv>] B<-a> I<admin> [B<-k> I<keyfile>]
-    [ B<-c> I<k5srvtab> | B<-r> ] B<-s> I<service> B<-f> I<srvtab>
-
-=head1 DESCRIPTION
-
-B<kasetkey> manipulates principals in an AFS kaserver, usually service
-principals.  It's primarily designed for automatic generation of srvtabs
-for keys without regular passwords, but it can be used to do other
-automated tasks, authenticating from a srvtab.
-
-To start using B<kasetkey>, obtain a srvtab for a principal with the ADMIN
-flag set in the AFS kaserver.  Such a srvtab can be created from the
-password of that principal using B<kasetkey> with the B<-i> flag.  Then,
-use B<-s> to create a srvtab for a particular principal or B<-D> to delete
-a principal from the Kerberos database, passing via B<-k> the path to the
-srvtab containing the key for an ADMIN principal.  If you don't use B<-k>,
-B<kasetkey> will prompt you for the password of the given ADMIN principal.
-
-When generating a srvtab for a particular principal using B<-s>, you have
-your choice of ways of setting the key for that principal.  The default is
-to prompt you for a password, but usually that's not what you want.
-Provide the B<-r> flag to set a random key, which is normally what you
-want to do for a pure Kerberos v4 principal.  When synchronizing Kerberos
-v5 with Kerberos v4, generate a keytab in Kerberos v5, convert it to a
-srvtab using B<ktutil>, and then provide that srvtab to B<kasetkey> with
-the B<-c> flag.  B<kasetkey> will then set the key in the AFS kaserver to
-match.
-
-B<kasetkey> uses a simple, brute-force approach to setting keys in the AFS
-kaserver.  It creates the principal if it doesn't already exist, and if it
-does already exist, it deletes it and then recreates it.
-
-=head1 OPTIONS
-
-=over 4
-
-=item B<-a> I<admin>
-
-The user as whom changes should be performed.  This user must have the
-ADMIN flag set in the AFS kaserver.
-
-=item B<-c> I<srvtab>
-
-When creating a service principal using B<-s>, take the key for that
-principal from I<srvtab>.  I<srvtab> must contain a DES key and can be
-created via B<ktutil> from a Kerberos v5 keytab.
-
-=item B<-D> I<service>
-
-Delete the principal I<service> from the AFS kaserver.
-
-=item B<-d>
-
-Turn on debugging.  This prints out more information about the exit status
-of all of the API calls used.
-
-=item B<-f> I<srvtab>
-
-Where to write the srvtab for a newly created (or modified) principal.
-Used only with B<-s>.
-
-=item B<-h>
-
-Display an option summary and a few examples and then exit.
-
-=item B<-i>
-
-Initialize a srvtab.  Takes the user from B<-a> and either prompts for the
-password or takes it from the B<-p> flag.  Writes out the srvtab to the
-path given to B<-k>.
-
-=item B<-k> I<srvtab>
-
-The srvtab to use to authenticate.  The key in the srvtab must be the key
-for the user given with B<-a>.
-
-=item B<-p> I<password>
-
-The password for the user for which a srvtab is being initialized.  This
-is only used with the B<-i> flag.
-
-=item B<-r>
-
-When generating a new srvtab with B<-s>, randomize the key for that user.
-
-=item B<-s> I<service>
-
-Create a new srvtab for the principal I<service>.  If this principal
-already exists, it's deleted and recreated.  Takes the key for the
-principal from the srvtab specified with B<-c>, randomizes it if B<-r> is
-given, or prompts for it.
-
-=item B<-v>
-
-Prints the version of B<kasetkey> and exits.
-
-=back
-
-=head1 EXAMPLES
-
-To create a srvtab for rcmd.slapshot and be prompted for the admin
-passowrd:
-
-    kasetkey -f srvtab.rcmd.slapshot -s rcmd.slapshot -r
-
-To create a srvtab from within a script you must stash the DES key
-in a srvtab with:
-
-    kasetkey -a admin -i -k /.adminkey
-
-(which will prompt you for the password) and then create a srvtab for
-rcmd.slapshot with:
-
-    kasetkey -k /.adminkey -a admin -r -f srvtab -s rcmd.slapshot
-
-=head1 CAVEATS
-
-The error reporting of this program is not great.  If an action fails, run
-it again with the B<-d> flag, which will print out the return status of
-every AFS operation.  You can then pass the failing error code to the
-B<translate_et> program, installed with AFS, to translate the code into an
-error message.
-
-=head1 SEE ALSO
-
-kas(8), kaserver(8), ktutil(8)
-
-This program is part of the wallet system.  The current version is available
-from L<http://www.eyrie.org/~eagle/software/wallet/>.
-
-=head1 AUTHORS
-
-Originally written by Roland Schemers.  Revised to use srvtabs rather than
-simple DES keys and to support principal deletion by Russ Allbery
-<rra@stanford.edu>, who currently maintains it.
-
-=cut