=====================================================================
PuTTY with GSSAPI and Kerberos - Installer
January 2005
=====================================================================

Copyright (c) 2002-2005 Certified Security Solutions, Inc.

This document contains:

    1. Information describing this package.
    2. System requirements for operating the package.
    3. Installation information.
    4. Feature overview.
    5. Copyright information.

======================================================================
Description
======================================================================

This package contains extensions to the PuTTY client application that
add support for GSSAPI authentication with the SSH v2 protocol, and
Kerberos 5 authentication with the SSH v1 protocol.


======================================================================
Change History
======================================================================
January 2005 release (CSS_kerberos5_gssapi_beta_056b2)
  - Built into PuTTY as a default the GSSAPI-SSPI authentication
    capability, eliminating the need for dynamic loading the SSPI
    plugin when accessing that authentication mechanism.  The dynamic
    plugin interface will first attempt to load "plugingss.dll", and will
    use that plugin when successfully loaded, or will use the default 
    built-in GSSAPI-SSPI mechanism when the plugin is not found or
    the load fails.

November 15 2004 release (CSS_kerberos5_gssapi_beta_056b1)
  - Added /MD flag to compile to fix PuTTY "Application not 
    responding" error when a fatal SSH server error is received.

November 2004 release (CSS_kerberos5_gssapi_beta_056):
  - Merged with security hole fix release of PuTTY, version beta 0.56
    released on 2004-10-26.

  - Enhanced the MIT GSSAPI plugin to retrieve an initial Kerberos
    Ticket Granting Ticket from the Windows 2000/2003 LSA cache
    when possible.

October 2004 release (CSS_kerbers5_gssapi_beta_055b1):
  - Added gssapi-with-mic protocol support for interoperability with
    OpenSSH 3.8p1 and OpenSSH 3.9p1.
  
  - Changed GSSAPI patch licensing terms from Certified Security
    Solutions (CSS) Commercial Software License Agreement (CSLA) to
    Modified BSD license.

August 2004 release (CSS_kerberos5_gssapi_beta_055):
  - Merged with security hole fix release of PuTTY, version beta 0.55.

February 2004 release (CSS_kerberos5_gssapi_beta_054):
  - Merged PuTTY release beta 0.54 changes.

  - Fixed GSSAPI authentication when connecting to a host using a
    "dotted quad" IP address.

  - Build the host service principal name using the lower cased
    fully qualified domain name of the remote system when performing
    GSSAPI authentication.

October 2003 release (CSS_kerberos5_gssapi_053b1:
  - Modifications needed to interoperate with OpenSSH 3.7p1 GSSAPI
    integration.

September 2003 release (CSS_kerberos5_gssapi_053b):
  - Error message box displayed during failed GSSAPI authentication could
    not be dismissed by pressing OK button.  Fixed.

  - Translate SSPI/GSSAPI error codes to text messages.

  - Merged all PuTTY release beta 0.53b and release beta 0.53 changes.  The
    detailed PuTTY project change log is located here:

      http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html

November 2002 release  (CSS_kerberos5_gssapi_052):
  - Integrated Kerberos 5 and GSSAPI/SSPI authentication with PuTTY
    release beta 0.52.

======================================================================
Known Issues
======================================================================

Error: "protocol error: rcvd type 61"
   The standard clock skew error may not appear during SSH gssapi
   authentication when the time on the target UNIX host is out of sync
   with the time on the Windows server. The error may instead be:
      Server sent disconnect message type 2
      (SSH_DISCONNECT_PROTOCOL_ERROR): "protocol error: rcvd type 61"
   This error is known to occur on Windows 2000 clients with SP4
   installed.

OpenSSH session disconnect from HP-UX host with large number of PTYs
   When a connection to an HP-UX host is attempted, the target openssh
   server may terminate the connection during authentication (with or
   without gssapi) when the HP-UX host has a large (non-default)
   number of PTYs configured.

The Alcatel IP Telephone application (A4980.exe) and the Logitech
   iTouch keyboard driver (iTouch.exe) have both been observed to
   interfere with the plugin load functionality of PuTTY, causing
   all GSSAPI authentication mechanisms to fail.


======================================================================
Contents
======================================================================

This package contains the following files:

  putty_0-56b2_installer/setup.exe
  putty_0-56b2_installer/README.txt


======================================================================
Prerequisites
======================================================================

This package will install and operate on Windows 95 through  Windows XP.
However, the GSSAPI/SSPI plugin will only work with Windows 2000, or
later releases.

Should this installer package not suit your needs, you can use the PuTTY 
Unbundled Binary Files Package:

http://www.css-security.com/downloads/putty_0-56b2_binaries.zip

GSSAPI Authentication -- To use GSSAPI authentication with an SSH
server, the SSH server must support the SSH v2 protocol, and must be
built with GSSAPI support using the patch written by Simon Wilkinson
(see Links section, below). GSSAPI interoperability has been tested
with OpenSSH 3.4p1.

Kerberos 5 Authentication -- Kerberos 5 (SSH v1 protocol) support
requires the MIT Kerberos runtime libraries on the client. To use
Kerberos 5 authentication with an SSH server, the SSH server must
support the SSH v1 protocol, and must be built with with Kerberos
support enabled (see Links section, below). Kerberos 5 interoperability
has been tested with OpenSSH 3.4p1.

Note: GSSAPI authentication support for Windows 2000 and XP is
      provided via the Microsoft SSPI (Security Service Provider
      Interface); the MIT libraries are *not* required for GSSAPI
      authentication support for Windows 2000 and XP.


======================================================================
Installation
======================================================================

The installer installs the PuTTY program files, adds a Putty program
group to the start menu, and adds shortcuts to Putty and Pageant.
The PATH environment variable is updated to include the directory
PuTTY was installed.

Note: On Windows NT/W2K/XP, you must install PuTTY with a user that has
      system Administrator privilege.  When you attempt to install with a
      user that does not, the installer will prompt you for the user name
      and password of a user with Administrator privilege.  Otherwise, you
      will need to log off the current user and log in as Administrator,
      then attempt the installation again.



Installation Procedure
======================
1. Unzip the package into a temporary directory. 
2. Double click on setup.exe.


Kerberos 5 SSH 1 Protocol Support
=================================
If you wish to use the Kerberos 5 SSH 1 protocol option, obtain
the following two DLLs from the MIT distribution and place
them in the PuTTY installation directory:

   krb5_32.dll
   comerr32.dll

Configure the krb5.ini file in the PuTTY installation directory
appropriately for your environment. You may need to create the
krb5.ini file. Below is a sample krb5.ini file:

   [libdefaults]
       default_realm = YOURDOMAIN

   [realms]
       YOURDOMAIN = {
           kdc = domain-controller.example.com
           admin_server = domain-controller.example.com
           kpasswd_server = domain-controller.example.com
       }

   [domain_realm]
       .com = YOURDOMAIN


MIT Kerberos GSSAPI SSH 2 Protocol Support
============================================
If you wish to use the plugin for MIT Kerberos GSSAPI support 
instead of the plugin for native Windows SSPI support, follow these
steps:

    Open a command terminal: Start->Run cmd <ENTER>
    cd c:\Program Files\Simon Tatham\PuTTY
    copy plugin_mitgss.dll plugingss.dll



======================================================================
Configuration
======================================================================

Three configuration checkboxes have been added to the PuTTY session 
configuration:

    Connection->SSH->Auth
      Options controlling SSH Authentication
        Authentication Methods:
          X Attempt Kerberos5 Authentication (SSH1)
          X Attempt GSSAPI/Kerberos5 Authentication (SSH2)

        Authentication parameters:
          X Allow Kerberos 5 ticket forwarding (SSH 1/2)


Attempt Kerberos 5 Authentication (SSH1) -- Check this option if you
want PuTTY to attempt Kerberos 5 authentication when communicating
with an SSH server when using the SSH v1 protocol.

Note: This authentication mechanism only works with OpenSSH versions
      prior to 3.7p1.  To authenticate using the Kerberos5 protocol
      with OpenSSH version 3.7p1 and later, use the GSSAPI/Kerberos5
      (SSH2) authentication method.

GSSAPI/Kerberos5 Authentication (SSH2) -- Check this option if you
want PuTTY to attempt GSSAPI authentication when communicating with
an SSH server when using the SSH v2 protocol.

Allow Kerberos 5 ticket forwarding (SSH 1/2) -- Check this option if
you want to allow forwarding of your Ticket Granting Ticket (TGT) from
the client to the SSH server.

======================================================================
Links
======================================================================

PuTTY:
  http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
  http://www.chiark.greenend.org.uk/~sgtatham/putty/

Certified Security Solutions GSSAPI patch for PuTTY:
  http://www.css-security.com/downloads.html

OpenSSH:
  http://www.openssh.com/portable.html
  ftp://mirror.cs.wisc.edu/pub/mirrors/OpenBSD/OpenSSH/portable/openssh-3.4p1.tar.gz

OpenSSH GSSAPI patches:
  http://www.sxw.org.uk/computing/patches/openssh.html
  http://www.sxw.org.uk/computing/patches/openssh-3.4p1-gssapi-20020627.diff

OpenSSH with GSSAPI patches applied:
  http://www.css-security.com/downloads.html


RFCs for GSSAPI support in SSH:
  http://www.ietf.org/proceedings/03mar/I-D/draft-ietf-secsh-gsskeyex-06.txt
  http://www.ietf.org/proceedings/03mar/I-D/draft-ietf-secsh-transport-15.txt

MIT Kerberos:
  http://web.mit.edu/network/kerberos-form.html
  http://web.mit.edu/kerberos/www/krb5-1.2/index.html#fetching

Note: The krb5-1.2.5/src/windows/README provides directions for
      compiling the MIT Kerberos distribution for Windows.


======================================================================
Licensing terms and copyrights
======================================================================

Portions of this patch were derived from the following sources:

  PuTTY:                         Simon Tatham.
  Kerberos 5 SSH version 1:      OpenSSH 3.4p1.
  SSH version 2 GSSAPI support:  Simon Wilkinson.

Certified Security Solutions, Inc. retains full rights to this
software patch file only, under the terms of the copyright notice
provided below.

The full copyright notices for all software used in the production of this
software patch are provided below.

---

Copyright (c) 2002-2005 Certified Security Solutions, Inc.
All rights reserved.
  
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
  
    * Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
    * Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
    * Neither the name of Certified Security Solutions nor the names of its
contributors may be used to endorse or promote products derived from this
software without specific prior written permission.
  
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.

---

PuTTY is copyright 1997-2004 Simon Tatham.

Portions copyright Robert de Bath, Joris van Rantwijk, Delian
Delchev, Andreas Schultz, Jeroen Massar, Wez Furlong, Nicolas Barry,
Justin Bradford, Ben Harris, and CORE SDI S.A.

Permission is hereby granted, free of charge, to any person
obtaining a copy of this software and associated documentation files
(the "Software"), to deal in the Software without restriction,
including without limitation the rights to use, copy, modify, merge,
publish, distribute, sublicense, and/or sell copies of the Software,
and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:

The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT.  IN NO EVENT SHALL THE COPYRIGHT HOLDERS BE LIABLE
FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.


---

Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

---

This file is part of the OpenSSH software.

The licences which components of this software fall under are as
follows.  First, we will summarize and say that all components
are under a BSD licence, or a licence more free than that.

OpenSSH contains no GPL code.

1)
     * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
     *                    All rights reserved
     *
     * As far as I am concerned, the code I have written for this software
     * can be used freely for any purpose.  Any derived versions of this
     * software must be clearly marked as such, and if the derived work is
     * incompatible with the protocol description in the RFC file, it must be
     * called by a name other than "ssh" or "Secure Shell".

    [Tatu continues]
     *  However, I am not implying to give any licenses to any patents or
     * copyrights held by third parties, and the software includes parts that
     * are not under my direct control.  As far as I know, all included
     * source code is used in accordance with the relevant license agreements
     * and can be used freely for any purpose (the GNU license being the most
     * restrictive); see below for details.

    [However, none of that term is relevant at this point in time.  All of
    these restrictively licenced software components which he talks about
    have been removed from OpenSSH, i.e.,

     - RSA is no longer included, found in the OpenSSL library
     - IDEA is no longer included, its use is deprecated
     - DES is now external, in the OpenSSL library
     - GMP is no longer used, and instead we call BN code from OpenSSL
     - Zlib is now external, in a library
     - The make-ssh-known-hosts script is no longer included
     - TSS has been removed
     - MD5 is now external, in the OpenSSL library
     - RC4 support has been replaced with ARC4 support from OpenSSL
     - Blowfish is now external, in the OpenSSL library

    [The licence continues]

    Note that any information and cryptographic algorithms used in this
    software are publicly available on the Internet and at any major
    bookstore, scientific library, and patent office worldwide.  More
    information can be found e.g. at "http://www.cs.hut.fi/crypto".
    
    The legal status of this program is some combination of all these
    permissions and restrictions.  Use only at your own responsibility.
    You will be responsible for any legal consequences yourself; I am not
    making any claims whether possessing or using this is legal or not in
    your country, and I am not taking any responsibility on your behalf.
    
    
    			    NO WARRANTY
    
    BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
    FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
    OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
    PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
    OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
    MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
    TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
    PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
    REPAIR OR CORRECTION.
    
    IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
    WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
    REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
    INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
    OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
    TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
    YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
    PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
    POSSIBILITY OF SUCH DAMAGES.

2)
    The 32-bit CRC implementation in crc32.c is due to Gary S. Brown.
    Comments in the file indicate it may be used for any purpose without
    restrictions:

     * COPYRIGHT (C) 1986 Gary S. Brown.  You may use this program, or
     * code or tables extracted from it, as desired without restriction.

3)
    The 32-bit CRC compensation attack detector in deattack.c was
    contributed by CORE SDI S.A. under a BSD-style license.

     * Cryptographic attack detector for ssh - source code
     *
     * Copyright (c) 1998 CORE SDI S.A., Buenos Aires, Argentina.
     *
     * All rights reserved. Redistribution and use in source and binary
     * forms, with or without modification, are permitted provided that
     * this copyright notice is retained.
     *
     * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
     * WARRANTIES ARE DISCLAIMED. IN NO EVENT SHALL CORE SDI S.A. BE
     * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY OR
     * CONSEQUENTIAL DAMAGES RESULTING FROM THE USE OR MISUSE OF THIS
     * SOFTWARE.
     *
     * Ariel Futoransky <futo@core-sdi.com>
     * <http://www.core-sdi.com>

4)
    ssh-keygen was contributed by David Mazieres under a BSD-style
    license.

     * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
     *
     * Modification and redistribution in source and binary forms is
     * permitted provided that due credit is given to the author and the
     * OpenBSD project by leaving this copyright notice intact.

5)
    The Rijndael implementation by Vincent Rijmen, Antoon Bosselaers
    and Paulo Barreto is in the public domain and distributed
    with the following license:

     * @version 3.0 (December 2000)
     * 
     * Optimised ANSI C code for the Rijndael cipher (now AES)
     * 
     * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
     * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
     * @author Paulo Barreto <paulo.barreto@terra.com.br>
     * 
     * This code is hereby placed in the public domain.
     * 
     * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
     * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
     * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
     * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
     * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
     * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
     * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
     * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
     * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
     * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
     * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

6)
    One component of the ssh source code is under a 4-clause BSD license,
    held by the University of California, since we pulled these parts from
    original Berkeley code.  The Regents of the University of California
    have declared that term 3 is no longer enforceable on their source code,
    but we retain that license as is.

     * Copyright (c) 1983, 1990, 1992, 1993, 1995
     *      The Regents of the University of California.  All rights reserved.
     *
     * Redistribution and use in source and binary forms, with or without
     * modification, are permitted provided that the following conditions
     * are met:
     * 1. Redistributions of source code must retain the above copyright
     *    notice, this list of conditions and the following disclaimer.
     * 2. Redistributions in binary form must reproduce the above copyright
     *    notice, this list of conditions and the following disclaimer in the
     *    documentation and/or other materials provided with the distribution.
     * 3. All advertising materials mentioning features or use of this software
     *    must display the following acknowledgement:
     *      This product includes software developed by the University of
     *      California, Berkeley and its contributors.
     * 4. Neither the name of the University nor the names of its contributors
     *    may be used to endorse or promote products derived from this software
     *    without specific prior written permission.
     *
     * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
     * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
     * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
     * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
     * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
     * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
     * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
     * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
     * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     * SUCH DAMAGE.

7)
    Remaining components of the software are provided under a standard
    2-term BSD licence with the following names as copyright holders:

	Markus Friedl
	Theo de Raadt
	Niels Provos
	Dug Song
	Aaron Campbell
	Damien Miller
	Kevin Steves
	Daniel Kouril
	Per Allansson

     * Redistribution and use in source and binary forms, with or without
     * modification, are permitted provided that the following conditions
     * are met:
     * 1. Redistributions of source code must retain the above copyright
     *    notice, this list of conditions and the following disclaimer.
     * 2. Redistributions in binary form must reproduce the above copyright
     *    notice, this list of conditions and the following disclaimer in the
     *    documentation and/or other materials provided with the distribution.
     *
     * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
     * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
     * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
     * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
     * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
     * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
     * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
     * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
     * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
     * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

