2020-07-03 15:36:58 by Hauke Fath | Files touched by this commit (1)
Log message:
Re-add conditional ldap entries.
2020-07-03 15:22:55 by Hauke Fath | Files touched by this commit (2)
Log message:
Add missing dependency on databases/lmdb, adjust PLIST
2020-04-09 12:57:49 by Adam Ciarcinski | Files touched by this commit (1)
Log message:
mit-krb5: .. and the new patch
2020-04-09 12:57:05 by Adam Ciarcinski | Files touched by this commit (9)
Log message:
mit-krb5: updated to 1.18
Major changes in 1.18:
Administrator experience
* Remove support for single-DES encryption types.
* Change the replay cache format to be more efficient and robust. Replay cache filenames using the new format end with ".rcache2" by default.
* setuid programs will automatically ignore environment variables that normally affect krb5 API functions, even if the caller does not use krb5_init_secure_context().
* Add an "enforce_ok_as_delegate" krb5.conf relation to disable credential forwarding during GSSAPI authentication unless the KDC sets the ok-as-delegate bit in the service ticket.
* Use the permitted_enctypes krb5.conf setting as the default value for default_tkt_enctypes and default_tgs_enctypes.
Developer experience
* Implement krb5_cc_remove_cred() for all credential cache types.
* Add the krb5_pac_get_client_info() API to get the client account name from a PAC.
Protocol evolution
* Add KDC support for S4U2Self requests where the user is identified by X.509 certificate. (Requires support for certificate lookup from a third-party KDB module.)
* Remove support for an old ("draft 9") variant of PKINIT.
* Add support for Microsoft NegoEx. (Requires one or more third-party GSS modules implementing NegoEx mechanisms.)
User experience
* Add support for "dns_canonicalize_hostname=fallback", causing host-based principal names to be tried first without DNS canonicalization, and again with DNS canonicalization if the un-canonicalized server is not found.
* Expand single-component hostnames in host-based principal names when DNS canonicalization is not used, adding the system's first DNS search path as a suffix. Add a "qualify_shortname" krb5.conf relation to override this suffix or disable expansion.
* Honor the transited-policy-checked ticket flag on application servers, eliminating the requirement to configure capaths on servers in some scenarios.
Code quality
* The libkrb5 serialization code (used to export and import krb5 GSS security contexts) has been simplified and made type-safe.
* The libkrb5 code for creating KRB-PRIV, KRB-SAFE, and KRB-CRED messages has been revised to conform to current coding practices.
* The test suite has been modified to work with macOS System Integrity Protection enabled.
* The test suite incorporates soft-pkcs11 so that PKINIT PKCS11 support can always be tested.
Major changes in 1.17.1:
This is a bug fix release.
* Fix a bug preventing "addprinc -randkey -kvno" from working in kadmin.
* Fix a bug preventing time skew correction from working when a KCM credential cache is used.
Major changes in 1.17:
Administrator experience
* A new Kerberos database module using the Lightning Memory-Mapped Database library (LMDB) has been added. The LMDB KDB module should be more performant and more robust than the DB2 module, and may become the default module for new databases in a future release.
* "kdb5_util dump" will no longer dump policy entries when specific principal names are requested.
* kpropd supports a --pid-file option to write a pid file at startup, when it is run in standalone mode.
Developer experience
* The new krb5_get_etype_info() API can be used to retrieve enctype, salt, and string-to-key parameters from the KDC for a client principal.
* The new GSS_KRB5_NT_ENTERPRISE_NAME name type allows enterprise principal names to be used with GSS-API functions.
* KDC and kadmind modules which call com_err() will now write to the log file in a format more consistent with other log messages.
* Programs which use large numbers of memory credential caches should perform better.
Protocol evolution
* The SPAKE pre-authentication mechanism is now supported. This mechanism protects against password dictionary attacks without requiring any additional infrastructure such as certificates. SPAKE is enabled by default on clients, but must be manually enabled on the KDC for this release.
* PKINIT freshness tokens are now supported. Freshness tokens can protect against scenarios where an attacker uses temporary access to a smart card to generate authentication requests for the future.
* Password change operations now prefer TCP over UDP, to avoid spurious error messages about replays when a response packet is dropped.
* The KDC now supports cross-realm S4U2Self requests when used with a third-party KDB module such as Samba's. The client code for cross-realm S4U2Self requests is also now more robust.
User experience
* The new ktutil addent -f flag can be used to fetch salt information from the KDC for password-based keys.
* The new kdestroy -p option can be used to destroy a credential cache within a collection by client principal name.
* The Kerberos man page has been restored, and documents the environment variables that affect programs using the Kerberos library.
Code quality
* Python test scripts now use Python 3.
* Python test scripts now display markers in verbose output, making it easier to find where a failure occurred within the scripts.
* The Windows build system has been simplified and updated to work with more recent versions of Visual Studio. A large volume of unused Windows-specific code has been removed. Visual Studio 2013 or later is now required.
2020-01-26 18:32:28 by Roland Illig | Files touched by this commit (981)
Log message:
all: migrate homepages from http to https
pkglint -r --network --only "migrate"
As a side-effect of migrating the homepages, pkglint also fixed a few
indentations in unrelated lines. These and the new homepages have been
checked manually.
2020-01-25 11:45:12 by Jonathan Perkin | Files touched by this commit (24)
Log message:
*: Remove obsolete BUILDLINK_API_DEPENDS.openssl.
2020-01-18 22:51:16 by Jonathan Perkin | Files touched by this commit (1836)
Log message:
*: Recursive revision bump for openssl 1.1.1.
2019-11-04 22:13:04 by Roland Illig | Files touched by this commit (118)
Log message:
security: align variable assignments
pkglint -Wall -F --only aligned --only indent -r
No manual corrections.
2019-08-11 15:25:21 by Thomas Klausner | Files touched by this commit (3557)
Log message:
Bump PKGREVISIONs for perl 5.30.0
2019-07-12 17:40:55 by Jonathan Perkin | Files touched by this commit (6)
Log message:
mit-krb5: Support LDAP, fix plugin shared library naming.
The libtool-ification caused plugins to have a "lib" prefix, causing a mismatch with what the code was trying to dlopen(), and failures. Bump PKGREVISION.